Over the past few years, the rising number of cyber breaches at medical organizations has garnered considerable attention, both for the millions of dollars in damages and for the exposure of sensitive patient data. While these incidents should concern everyone in the healthcare industry, it is common for clinicians to feel a false sense of security that their small clinic would not be a target for bad actors.
Small Clinics: An Overlooked Breach Target
In a 2021 case study, a Toronto-based clinic shared their experience as the target of a ransomware attack. The clinic, consisting of a family practice and a rehabilitation centre offering physiotherapy and chiropractic services, employs a staff of 12, including doctors and supporting personnel.
In February 2021, the rehabilitation clinic was unable to access its EMR system (which was installed on the premises rather than hosted in the cloud) due to a targeted ransomware attack. The clinic’s computer monitors displayed an ominous message informing staff that the system had been encrypted and demanding a payment of $75,000 to restore the data. With no access to the EMR system for client information, scheduling and billing, business operations came to a dramatic halt.
Approach: IT and Cybersecurity Support
The clinic promptly contacted their internal IT personnel and subsequently enlisted the expertise of a cybersecurity consulting firm. The cybersecurity firm performed initial forensic investigations and assumed the role of negotiator in communicating with the hacker.
The clinic faced a key decision: negotiate and pay the ransom, or attempt to rebuild and restore the compromised system. However, the clinic’s data backup mechanisms were inadequate, which made restoring the system a significant obstacle. Rebuilding the system would also have meant forfeiting approximately $50,000 in billing that was locked inside the EMR system.
Results: Negotiating the Ransom
After careful deliberation, the clinic decided to negotiate the ransom. Three weeks of discussion and numerous threats from the hacker resulted in a reduced ransom settlement of $25,000. After five months of operational hurdles and financial constraints, the EMR was finally unlocked, and the clinic returned to regular operations. Nonetheless, the repercussions were profound, spanning financial losses, operational setbacks, and an erosion of reputation.
Comprehensive Cost Evaluation
The financial impact of this single encounter was dramatic. Here is how the costs broke down:
Ransomware Payment: $25,000
Cybersecurity Consulting: $8,000
Implementation of New Security Measures: $20,000
Total Cost: $53,000
In addition to the direct financial cost, five months of compromised customer service and growing patient frustration led to a decline in business activity and the loss of personnel. And because the clinic did not carry a cybersecurity insurance policy, it had to shoulder the full burden of these costs.
Lessons Learned: Secure Your Practice!
While the impact of this ransomware attack was significant for this clinic, it could have been much worse. What if the attack had compromised the EMR system dedicated to the family practice? Having no access to patient information would have directly affected the clinic’s physicians’ ability to care for patients. Hackers know the value of Protected Health Information (PHI) and the pivotal role of medical systems. It is essential that clinicians take the possibility of cyber threats seriously and understand that they are ultimately responsible for protecting both their computer systems and patient information.
“We wish we would have reviewed our security regularly to make sure it was all up-to-date. Regretfully, we took an ‘if it ain’t broke’ approach. Things are changing rapidly. Having an expert review our cybersecurity position and provide recommendations on a regular basis would definitely have been wise.”
If you are seeking proactive measures to secure your digital infrastructure and patient data, we can help! Contact us today.