Spokane’s Columbia Surgical Specialists paid nearly $15,000 in ransomware attack targeting patient data
Columbia Surgical Specialists, which runs four medical offices in Spokane and Spokane Valley, says it paid hackers nearly $15,000 to decrypt patient information that was held hostage in a ransomware attack.
In a two-page notice sent to patients on Thursday, the company said it learned about the hacking on Jan. 9 and, after an investigation by an outside cybersecurity firm, reported the incident to state and federal authorities.
“We received notice from the people that encrypted the files just a few hours before several patients were scheduled for surgeries, and they made it clear we would not have access to patient information until we paid a fee,” the company said.
“We quickly determined that the health and well-being of our patients was the number-one concern, and when we made the payment they have us the decryption key so we could immediately proceed unlocking the data.”
The company said it “believes that no data was acquired, disclosed or used” by the hackers, though patient records were exposed during the attack.
Initially, the firm believed records of up to 400,000 patients may have been compromised, but “after further investigation, the actual number of potentially affected patients is substantially smaller.”
This story is developing.