PHI of Approximately 500,000 People Potentially Stolen During the Wolfe Eye Clinic Ransomware Attack

Wolfe Eye Clinic, which manages a network of eye health clinics across Iowa, has reported its encounter with a ransomware attack on February 8, 2021. Attackers acquired access to its networks, deployed ransomware and encrypted files. Much like in most ransomware attacks today, before file encryption, the hackers exfiltrated information from Wolfe Eye Clinic systems. The clinic received a ransom demand in exchange for the file decryption keys, however, it opted not to pay the ransom and retrieve files from backup copies. .

Wolfe Eye Clinic mentioned in its substitute breach notification letter that prompt action was undertaken to protect its network. Third-party IT security and forensic experts were involved to find out the nature and scope of the security breach. Because of the degree and sophistication of the attack, the team only determined the full scope of the security breach on May 28, 2021 and identified the data exposed during the attack.

The forensic inquiry, which ended on June 8, 2021, confirmed that the hackers viewed and exfiltrated the information of present and past patients. The stolen protected health information (PHI) contained names, contact information, dates of birth, Social Security numbers, and for certain persons, medical data.

Wolfe Eye Clinic began sending notification letters to impacted persons and offered free identity theft protection and credit monitoring services for one year via IDX. Wolfe Eye Clinic explained it is carrying out more safety measures to stop other attacks.

The attackers seem to have exfiltrated a huge volume of data. According to KCCI Des Moines, the incident impacted around 500,000 people, so this is regarded as one of the biggest ransomware attacks on one healthcare company that has been reported this 2021.