NEO Urology Suffers Ransomware Attack, Pays $75,000 Ransom

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Cybercriminals continue to flex their muscles on the healthcare industry with ransomware hitting an Ohio medical practice earlier this month.

NEO Urology in Boardman, Ohio, suffered a complex ransomware attack, with hackers encrypting the organization’s entire computer system.

According to a report from local news agency WFMJ, the attack on NEO Urology occurred on June 10th, when a fax was sent to the practice administrator requesting a ransom payment of $75,000 via bitcoin to unlock their files that were encrypted in the attack.

NEO Urology contacted their IT firm, who suspects the hack originated in Russia. The IT firm used a third-party to pay the hacker the $75,000.

The organization stated that “the hackers went so deep into their system that it took until Wednesday [June 12th] to access their computer systems.” With NEO Urology being unable to access their systems, downtime costs added up quickly. The practice told police that their loss in revenue due to downtime was between $30,000-$50,000 per day, according to WFMJ.

This ransomware attack goes to show that cybercriminals still see the value in targeting the healthcare sector. With healthcare organizations needing constant access to their data or their patients’ data, these businesses cannot afford to go without computer access – an attractive reason for cybercriminals to target the industry with ransomware.

Ransomware is showing no signs of slowing down, in fact, according to a report from Malwarebytes, businesses saw an astonishing 195 percent increase in ransomware attacks in Q1 of 2019.

Do not make the mistake of thinking you are not a target for ransomware. While it is true that cybercriminals favor the healthcare sector and small to medium-sized businesses, anyone could have a bullseye on their back when it comes to being struck by ransomware.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.

HIPAA Secure Now! suite of subscriptions offers an extensive list of tools to provide ongoing training, assessment, moderation activities and more to support an organization’s privacy and security efforts. Subscriptions also support the process of conducting an annual Security Risk Assessment to meet MIPS and Promoting Interoperability requirements.

The subscriptions work for organizations of all sizes, both Covered Entities and Business Associates. All are priced at a flat annual fee, based on number of employees, for a full 12 months. All include a discount if purchased through us.


If your organization has more than 50 employees, or if you’d like to schedule a demo or you just want to get a couple questions answered, take a few seconds to complete this form and we will get back to you.