BLUE ASH, Ohio (WKRC) – Dr. Gururau Sudarshan, known as Doctor G to his patients, was headed into work one morning last August when workers at his Cincinnati Pain Physicians clinic said they couldn’t get into the computer system.
“We contacted my IT person, who was able to look through his server from remote. In fact, his text was very crystal clear. He said, ‘You’ve been hit by ransomware,'” said Dr. Gururau.
He provided Local 12 a copy of the actual text advising him he would have to pay to get his data back. The attack was attributed to a group called Helldown, as confirmed by the U.S. Secret Service, which alerted Dr. Gururau that very morning of the hack.
Ransomware attacks are increasingly targeting the healthcare sector, with a recent survey by cybersecurity firm Sophos revealing that 67% of medical organizations reported such an attack in the past year, which is nearly double from 34% in 2021.
In Dr. Gururau’s case, the hackers hit a clinic that sees thousands of patients a month to help alleviate different kinds of pain. He’s been named one of Cincinnati Magazine’s best doctors in the Tri-State several times.
There was a note that the clinic’s IT consultant found inside the servers advising on how to get the data back. But Dr. Gururau never received a ransom demand and decided against paying any potential ransom.
“You knew that morning you weren’t going to pay. Whatever the amount was, you weren’t going to do it?” Local 12 asked.
“I knew that morning, yeah,” Dr. Gururau said.
The attack forced Dr. Gururau to rebuild thousands of medical records by hand. The process was supported by devoted patients like Robert and Julie Sellers, who kept backups of their visits and scans.
Dr. Gururau managed to recover about 80% of the data, and remarkably, none of his patients complained or left his practice due to the incident.
“The ones who never complained to me were my own patients. None of them ever came. Not a single person came and said, ‘Hey, my data is gone, and you’re responsible for it.’ Not one. We have not lost a patient,” Dr. Gururau said.
The financial impact of the attack was significant, costing Dr. Gururau well into six figures, and his cybersecurity policy only covered hardware replacement, leaving him unreimbursed for the $50,000 policy. Despite the challenges, Dr. Guruau does not regret his decision not to pay the ransom and has since changed his medical billing provider.
Reflecting on the future, Dr. Gururau is considering joining a larger organization to mitigate the risks of being on his own.
“And, I’ll be honest, I’m seriously wondering whether I should be continuing as a solo practitioner and not just be part of a bigger organization,” Dr. Gururau said.
Experts advised healthcare providers to hire cloud-based IT cybersecurity firms and maintain separate data storage from physical offices, practice strong password protocols, and make sure servers and software are completely up to date.
Patients are encouraged to keep backups of their medical records and limit the information shared with providers, especially in emergency situations, and also incorporate strong passwords when dealing with sensitive personal medical data.