IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ukrainian Hackers Hit Mich. Health Company With Ransomware

A health-care company in Monroe County, Mich., suffered a sophisticated ransomware attack in July. Although there was concern that hackers could have compromised medical data, only financial info was affected.

(TNS) — A health care company with several locations throughout Monroe County was the target of a sophisticated cyber attack and is advising those potentially impacted to monitor their financial credit data.

Earlier this month, Family Medical Center of Michigan contacted its customers to advise them of a data breach that occurred July 2020. A group of hackers based in Ukraine targeted the company in a ransomware attack, taking control of the company's financial files and encrypting them so employees would be unable to access patients' financial information.

The hackers demanded FMC officials pay a sum of $30,000 to unlock those files.

The company complied with the demand, said Ed Larkins, CEO of FMC, after contracting the aide of a third-party forensic security and data firm.

Larkins said the firm advised FMC to pay the money as part of a strategy to determine the scope of the hack and what information may have been potentially compromised.

"The privacy and protection of sensitive information is a top priority for us," Larkins said. "We deeply regret any inconvenience this incident may have caused."

FMC has locations in Monroe, Carleton, Temperance, Adrian and Hudson. It also operates several school-based clinic for students and families. Those clinics are based in several districts in Monroe, Lenawee and Wayne counties.

Larkins said the company realized its network had been compromised when employees found they were unable to access payment information and records of its patients.

Shortly after the discovery, the hackers contacted FMC and explained their actions and demands, according to Larkins.

FMC began working with a company named IDX, which addresses data breaches. A week after the initial hack, FMC made the payment, Larkins said.

"The [company] helped us secure out digital environment and conducted a comprehensive investigation of what occurred and how to prevent it [from happening] again," Larkin said.

Ransomware attacks have become increasingly common in recent years. It's a practice in which cyber criminals infiltrate digital networks with malicious intents ranging from identity theft to digital control.

It took two weeks for the hackers to send a digital key to unlock the files, Larkins said, adding the company was advised that the delay was common in such circumstances.

" ... what [was] explained to us was that whoever is involved in [the hacking] is out to get paid the ransom and move on," Larkins said. "Once we got the key we didn't want to use the files. ... there might have been malicious [coding] hiding in the files. [IDX] advised us not to use those files or the hardware they were stored on."

IDX was able to determine the origin of the attack was in Ukraine, but could not identify a specific town or suspects.

A full digital audit of the data breach found that patients' medical files had not been compromised in any way, according to Larkins. The scope of the attack was purely financial information.

Those files cover a portion of patients who have been treated by FMC within the last 14 years. Larkins said those potentially impacted number more than 15,000.

FMC mailed letters to those patients based on the addresses the company had on file. Larkins said it has been working since the attack to identify and notify individuals whose information was part of the hack.

To date, IDX, which continues to manage the response to the incident, and FMC have received no complaints of instances of malicious financial crimes or identity theft.

But FMC and IDX continue to the monitor the situation, Larkins said. The companies have set up a hotline and have made available free credit monitoring services to patients' whose financial data were part of the hack.

Impacted patients can reach the hotline at 833-325-1768 between 9 a.m. and 9 p.m. Monday through Friday.

©2021 Monroe News, Distributed by Tribune Content Agency, LLC.