Back to Ransomware


Ransomware attack at the Jones Eye Institute Clinic exposes patient records.

On August 23, clinic officials at Jones Eye Institute Clinic, a healthcare center in Sioux City, Iowa, discovered a ransomware attack which may have exposed the data of around 40,000 patients. Since the clinic followed the practice of maintaining regular data backups, they were able to recover all encrypted files and didn't pay the ransom demanded by the hackers.

How did the company deal with the attack?

As soon as the attack occurred, the clinic hired a cybersecurity expert and notified the Federal Bureau of Investigation (FBI). The investigation revealed that the virus was loaded on the computer systems on August 22. This means that hackers would have had the ability to access patient information contained in billing and scheduling software. The attack may have compromised the information of patients registered or treated at the clinic between January 1, 2003 and August 23, 2018.

The compromised information includes full names, addresses, dates of birth, dates of service, medical record numbers, and general descriptions of the clinic visit or surgery. Some individuals' Social Security numbers, insurance statuses, and claim information may have also been compromised. Sensitive information like bank account or credit card details were not affected. There have been no reports that the stolen information has been misused.

All affected patients were notified and given instructions on how to avoid fraud. As a gesture of goodwill, the clinic has offered to pay for one year of credit monitoring services for the affected individuals.

Don't want to make the news for the wrong reasons? Download ManageEngine DataSecurity Plus, a tool that can detect, classify , and secure personal data , and mitigate ransomware attacks.

How can ManageEngine help?

While Jones Eye Institute Clinic was able to recover data using backups, a ransomware detection tool could have helped the clinic avoid the attack altogether. Here are some best practices you can adopt to prevent ransomware.

ManageEngine DataSecurity Plus can automatically identify and mitigate ransomware threats. Without any manual intervention, the tool will immediately:

    1. Provide email alerts at the first sign of a data breach.
    2. Shut down infected devices and quarantine infected systems to prevent malware from spreading.


Start your free, 30-day trial today.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.