Ohio medical practice hacked, pays $75K in ransom: report

An Ohio medical practice was allegedly hacked earlier this week and told to pay $75,000 in ransom to unlock its computer system.

N.E.O. Urology Associates, which has an office in Boardman, Ohio, agreed to pay the ransom using bitcoin in order to access its computer system, according to a WFMJ TV report.

Police are investigating after the urology practice had its computer systems hacked and information re-encrypted, the news outlet said. A practice administrator reported to police that a fax was waiting for him when he arrived at the practice office requesting that the medical practice pay a ransom in order to access its computer records.

RELATED: Ransomware, phishing attacks top new HHS list of cyberthreats in healthcare

The medical practice then reportedly contacted its IT firm, which said it suspected the hack originated in Russia. According to a police report, the IT firm used a third party to pay the hackers to remove the malware. The urology practice told police that the hackers so disrupted their computer system that it took two days to access their records. Police said the administrator estimated a revenue loss between $30,000 and $50,000 per day.

N.E.O. Urology did not respond to a request for comment from FierceHealthcare.

Ransomware is a growing threat, and other medical practices have been targeted by hackers. In April, a Michigan medical practice decided to close its doors after hackers deleted all of its patient records when doctors refused to pay a ransom.

The two doctors, who were partners at the Brookside ENT and Hearing Center in Battle Creek, decided to retire early rather than try to rebuild the practice after they refused to pay hackers a $6,500 ransom in exchange for a code to access the practice’s medical files. The hackers deleted all the records, including files, appointment schedules, payment data and patient information.

In 2018, Indiana-based Hancock Health paid a $55,000 ransom to hackers to release more than 1,400 files and regain control of the clinical IT systems at Hancock Regional Hospital.

The decision to make the payment made the most sense from a business perspective, Hancock Health CEO Steve Long said. Although the files impacted by the breach were backed up and could have been recovered, it would have taken days or weeks to restore them.