Back to Ransomware


Ransomware attack impacts 16,000 patients in Georgia.

On December 14, 2018, Mind and Motion Developmental Centers of Georgia reported a data breach that affected protected health information (PHI) of 16,000 patients. Patient information such as names, birth dates, addresses, Social Security numbers, medical history, medical diagnoses, and health insurance details may have been stolen.

What course of action was taken once the attack was detected?

On September 30th, authorities at Mind and Motion Developmental Centers discovered that one of its company servers was infected with ransomware. The ransomware was installed on a server that stores Mind and Motion's medical records.

Mind and Motion's officials immediately hired a third-party IT security firm, TeamLogic IT, to recover lost data, analyze the attack entry point, and strengthen security protocols. The investigations revealed that the malware didn’t spread to Mind and Motion’s other servers. It was discovered that in addition to ransomware, an inactive keylogger, a spam mail generator, and other minor malware were installed on the server.

With help from TeamLogicIT, all malicious software was removed. Mind and Motion has changed all of its account passwords and has strengthened its password policy; both the anti-malware and antivirus software were upgraded as well. Encryption has also been added to its email accounts, along with spam protection. Mind and Motion also hired a compliance consulting firm to ensure HIPAA compliance during recovery and provide HIPAA compliance coaching to all employees. Mind and Motion reported the breach to the Department of Health and Human Services as quickly as possible. All affected patients have been notified about the breach by mail.

Don't want to make the news for the wrong reasons? Download ManageEngine DataSecurity Plus, a tool that can detect, classify , and secure personal data , and mitigate ransomware attacks.

How can ManageEngine help with such situations?


Even though Mind and Motion Developmental Centers had antivirus software installed, it couldn't withstand the attack. What it needed was an advanced solution that is capable of detecting and responding to ransomware attacks, something like DataSecurity Plus.

DataSecurity Plus is an automated ransomware threat identification and mitigation solution that:

  • Generates real-time alerts when an attempted ransomware attack is detected.
        The main indicator for any ransomware attack is an unusual amount of operations on files and folders. DataSecurity Plus monitors the frequency of file modifications by each user, and issues alerts whenever the number of modifications crosses a specified threshold within a set period of time. Each alert also indicates the username, source, date, and time of the incident, as well as other parameters that pave the way for further investigation.
  • Offers a customizable and automated response system to quarantine ransomware attacks.
        DataSecurity Plus uses a built-in ransomware detection and response mechanism to lock down infected devices and prevent further damage caused by ransomware spreading to storage devices or network systems. You can also set up your own automated responses, including the execution of a batch file, to quickly respond to ransomware attack alerts.
  • Simplifies forensic analysis.
        DataSecurity Plus generates customizable, in-depth, audit-ready reports on all file-related changes, access attempts, events, and share permissions.

To avoid cyberattacks and protect your organization, follow these eight best practices. Try out all of DataSecurity Plus' features yourself by downloading a free, 30-day trial.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.