Eye Care Associates Hit by Ransomware Attack

BEAVER TOWNSHIP, Ohio – Eye Care Associates Inc., the largest ophthalmology and optometry practice in the region, was the victim of a ransomware attack two weeks ago that locked – and still locks – its computer systems.

As of this posting, the computer system is still down, although operations should be fully restored in “the next day or two,” Mary Jo Sierra, director of operators, said Tuesday.

No patient data or other sensitive information was stolen, she emphasized.

At 4 a.m. July 28 an “unknown computer hacking software had taken control of the entire Eye Care Associates computer system and locked them out until [an] unknown ransom was paid,” states the incident report filed Monday with the Beaver Township Police Department. “Sierra stated that she had reported the intrusion of the computer software to her board of directors and the third-party IT business, GBS, who Eye Care currently uses for backing up files and storing data.”

The attack failed in that the directors of the physician-owned medical practice decided not to respond to an email that would tell them how much money had to be paid to unlock the system, says a data processor with the local office of Global Business Solutions Corp., based in Newport, Ky.

“They were not interested in even going that route,” learning how much ransom was being demanded, says Ronald Lipinski, supervisor, managed technology services at GBS Corp. “You have to respond to the email address to go that route.”

Where the attack succeeded was in interrupting business operations, costing the practice patient bookings – or at least delaying them. For more than two weeks, no new patient appointments could be made, and although some patients were treated, paper records appeared to be relied upon, one patient’s family told The Business Journal.

Another patient related how he kept calling and calling for an appointment. “They kept telling me they couldn’t make any appointments because their computer system was down.”

This patient could not wait any longer, he said, and received a referral.

“It impacted a large portion of their system,” Lipinski confirmed.

The main office and headquarters of Eye Care Associates is at 1075 W. Western Reserve Road. The practice also has offices in Warren, Youngstown and East Liverpool. Sixteen physicians comprise the practice.

“Once the directors of Eye Care Associates were told that there were valid backup copies [of the data], they decided to restore the system on a brand-new environment,” he explained. “That process started immediately.”

Given the number of patients Eye Care Associates has served – its website dates its origin to 1935 – and serves today, the data load “took some time” to restore, Lipinski says, and involved multiple IT companies participating in certain aspects of the recovery.

The police report states that the system “was infected with a Trojan virus … that appears to have originated from North Korea … [and] was sent through email to an employee account.”

Lipinski says this has not been proven: “We were not asked to do that.”

As for how much the ransomware attack will cost the medical practice in lost revenue and productivity, and to rebuild its entire computer system infrastructure, Eye Care’s Sierra could not be reached for additional comment.

When the operations director notified police of the attack Monday, 15 days after it happened, she was provided with an incident-report number “for the board of directors and insurance company,” the police report states.

“As people invent new ways to protect systems, other people invent new ways of attacking them,” Lipinski says. “They find a way to get in.”

Copyright 2024 The Business Journal, Youngstown, Ohio.