Tuesday, October 8, 2019

Ransomware Forces California Medical Practice to Cease Operations


For the last couple of years now I’ve been preaching the benefits of security from my pulpit of Technology Evangelist.

Some of you have reached out to me via electronic means to tell me basically “Flucke, I’ve got this covered.  I don’t need the expense of an outside service to run my backups.”  Honestly, I get that.  If you are a real die hard techie type, perhaps you have adequate systems in place.  The problem with these situations is that it’s hard to really be *totally* sure you have all of the systems in place because it is hard to predict what problems you’ll face and how many backups you might need to overcome that situation.  That’s why I’ve always referred to backups as “a backup chain”.  Simply because you need as many links as possible and it’s hard to judge how many links you’ll need.  The golden rule is that you need “one more copy than you think you need”.

Today, let me tell you about a medical practice in California.  Wood Ranch Medical, located in Simi Valley, California suffered a Ransomware attack on August 10, 2019.  While not many details on the attack and the ensuing restoration efforts have become public, this much is known.  The attack immediately encrypted the servers, the patient records, and the backup hard drives.  Evidently over a month was spent trying to fix the problem to no avail.  On September 18, 2019 the practice announced on their website that they could not recover the data and with the backup drives also encrypted they cannot rebuild the medical records.  Basically every piece of data was lost.  Since there is no data left to run the business with, Wood Ranch announced they will be closing the practice permanently as of December 17, 2019.

You read that correctly.  The practice was so devastated by the RansomWare that they are ceasing operations and are closing.  Without being aware of all of the things that transpired behind the scenes, it is difficult to know exactly what happened and exactly how it happened.  Looking back on this situation now, I would be willing to wager that what seemed like an unneeded expense for professional backups now seems like a bargain to the practice.  It’s like that with a lot of things.  Sometimes the price seems high until you are actually faced with the prospect, and the costs, of recovering.

I do not receive a check from DDS Rescue & I want you to know that.  I recommend them because I use them, I believe in them, and I know that they would have been able to get this practice back up and running, perhaps in as little as ONE day.  The money spent for their service should be looked upon as insurance.  RansomWare has stolen a doctors dream from them.  Don’t let this happen to you.


  1. I set a new record last week. 16 offices infected. ~28 TB of encrypted data. Everything recovered and back to work in 23 minutes. Can DDS Rescue do that? ;)

  2. Aaron, impressive record. Any of your customers will certainly be pleased with such a quick recovery. As for DDS Rescue, once an office has us on the phone our recovery time is 30 minutes or less. In fact our average is presently 18 minutes. It appears that we both have one thing in mind, keep our offices running when their server can't.

    1. Nice work! Does DDS rescue just protect the Eaglesoft database, or the entire system? I currently protect everything--user documents, pano images (stored outside of Eaglesoft), remote desktop servers, active directory, and more. I might have to look into DDS Rescue if it can match or beat our cost. The software is completely free and open source.