Cochise Eye & Laser, an Arizona-based optometrist, hasse suffered a ransomware attack. The threat actor targeted the optometrist's patient scheduling and billing software.
In their breach statement, Cochise said their compromised software stored sensitive customer records.
“Names, dates of birth, addresses, phone numbers, and in some cases social security numbers were stored in our billing software.”
Ransomware attackers use double extortion tactics to force their victims to pay their ransom price.
First, sensitive data is completely encrypted and only decrypted if the ransom is paid. To further incentify this, victims are warned that their seized data will be posted on the dark web if the ransom price is not paid by its due date.
Cochise said there was only evidence of data encryption but no evidence of any exfiltration.
“There is no evidence that the data was taken, only that it was encrypted, and in some cases deleted, making it impossible for us to access anything in our scheduling system,” Cochise said in their statement.
The inability to access scheduling and billing software has pushed Cochise’s technology back several decades. While data recovery efforts are underway, the company is using paper, pens, and charts to rebuild its schedules.