Estes Park Health suffers ransomware attack; pays ransom to unlock encrypted files

• The most impacted software include the software in the clinic and the digital imaging software that holds the images of X-rays.
• Ransom amount has been paid and the encrypted files are still being restored.

Estes Park Health (EPH) suffered a ransomware attack on June 2, 2019, that impacted their network, phone services, and email services.

What happened?

On June 2, 2019, Estes Park Health staff noticed abnormalities in their computer systems. The staff informed the CIO, who noticed the files getting locked up.

• The healthcare center immediately shut down all its servers and notified its insurance company, the law enforcement authorities, and the FBI.
• EPH launched its Hospital Incident Command Center and started taking the necessary steps.
• The hospital switched its operations to a manual mode with a pen and paper.
• The most impacted software include the software in the clinic and the digital imaging software that holds the images of X-rays.

“At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Larry Leaming, CEO at Estes Park Health said.

The response

The insurance company’s cybersecurity team contacted the attackers behind the ransomware attack and started negotiations.

• The negotiation settled at an agreed ransom payment of $10,000.
• However, an initial amount was paid first which unlocked only a few files.
• EPH had to pay the attackers more to unlock all the encrypted files.
• The encrypted files and systems are still being restored and the clinic software has been moved to a read-only mode.
• Physicians are currently using voice transcription documentation to capture patient visits.
• The transcribed information will be entered into a patient’s file once the software is fully functioning.

“We are extremely proud of our IT department for detecting this breach very early, shutting down the virus pathways and protecting systems that have allowed a majority of the services to function normally today,” Lisa Taylor, Marketing Director at EPH said.