Mount Airy, Md.-based Family Medical Center determined in March 2023 that cybercriminals had accessed its system and copied its data, which was encrypted and unintelligible to the hackers, according to a Sept. 20 public notice in the Frederick (Md.) News-Post.
The organization said it enlisted experts and notified the state health department and law enforcement, including the FBI, to investigate. “Once the officials made sure there was no breach, we were allowed to make payments to the hackers,” the notice said. “This provided an encryption key to unlock all the encrypted data. Our [IT] experts replaced the server with all intact patient records.”
The average healthcare ransom payment reached $1.1 million in 2024, according to an Oct. 8 survey from Proofpoint and Ponemon Institute. While some cybersecurity experts have called for banning ransom payments, others say they’re typically the only way for a healthcare organization to retrieve their data or restore their systems after a hack.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
