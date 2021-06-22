WATERLOO -- Roughly a half-million current and former patients of Wolfe Eye Clinic locations around Iowa, including Waterloo and Cedar Falls, may have had their personal information harvested in a February cyber attack, the company announced Tuesday.
Wolfe Eye Clinic, headquartered in Marshalltown and with locations in Cedar Falls, Waterloo, Waverly, Toledo and Traer, among others, said Tuesday it was notifying around 500,000 current and former patients that their personal records with the clinic "may have been inappropriately accessed as a part of a cyber-related incident," the company said in a statement.
The attack happened Feb. 8, the company said, when an "unauthorized third-party" gained access to Wolfe's computer network, blocked access to "some systems and information," and demanded an unspecified ransom, which the company said it did not pay.
Wolfe then used "independent IT specialists and forensic investigators" to figure out how far into the company's system the cyber attackers got, only realizing how much was taken on May 28. The investigation officially concluded June 8, the company said.
Asked why the company waited another two weeks to inform the public, Wolfe spokesperson Kassandra Trenary said: "It takes a tremendous amount of time to investigate and learn the full extent of the scope."
Trenary said it was unclear how many patients at Cedar Valley offices were affected, as the attack affected former patients as well. She also noted letters would be sent out to all affected people.
"We take our responsibility to protect personal information in our control very seriously, and apologize for any concern or inconvenience this may cause," Luke Bland, Wolfe's chief financial officer, said in the Tuesday press release. He said the company would "continue to closely monitor" the attack.
Such cyber attacks featuring ransom demands -- where malicious hackers take over a computer network and refuse to let a company back in unless they are paid, usually in untraceable cryptocurrency -- are on the rise in recent years.
Security breaches increased a whopping 67% between 2014 and 2019, according to Accenture. The average cost to a company to solve one was $3.86 million, while the average time to identify that a breach even occurred was 207 days, according to a 2020 IBM report.
Large companies and even government entities aren't immune: Cybersecurity services firm BlueVoyant found a 50% increase in cyber attacks between 2017 and 2019 for local and state governments, and recent ransomware attacks have hit meatpacker JBS as well as shut down Colonial Pipeline. But health care is the biggest industry getting hit, according to the IBM report.
"Unfortunately, these types of cyber incidents have become all-too common for health care providers of all sizes nationwide," said Bland in the release.