Maffi Clinics, a chain of plastic surgery clinics in the United States, is notifying patients about a ransomware incident that briefly affected its systems. Unlike most cases involving ransomware, though, this one didn’t leave a scar, illustrating the power of strong security protocols.

According to the breach notice, Maffi encountered “unusual activity” on one of its servers in September last year. The chain immediately activated its incident response plan and shut down its systems to eliminate the chance of any malware spreading further. As it turned out, the administrators’ hunch was correct: the clinic had just received a dose of ransomware.

“We immediately instituted our security breach protocols which involved shutting down all of our computers and servers,” the firm said. “Within hours of discovering the activity, an independent IT consulting firm was onsite at Maffi Clinics and determined that an unidentified source had gained remote access to our server and installed ransomware.”

Within about five hours, the incident was contained and all data was restored. In other words, the clinic denied the attackers the ransom and escaped unscathed. The clinic nonetheless emailed all patients whose information was subjected to the attack out of an abundance of caution. Under the Health Insurance Portability and Accountability Act (HIPAA), Maffi fulfilled its legal obligation to acknowledge the breach, and notified the US Department of Health and Human Services (HHS).

The same notice reveals that Maffi has since implemented and continually evaluated additional safeguards to prevent a similar incident in the future. Nevertheless, the clinic advises patients to keep an eye on their bank accounts for any signs of identity theft, just in case.

“If you detect any suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained,” the breach notice adds. “You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.”