Marin Community Clinics Data Breach (2019)

Marin Community Clinics was able to resume use of its computer system Friday night after being hit by a ransomware attack between 9 a.m. and 10 p.m. Wednesday. “We’re not totally out of the woods, but we’re feeling good because we’ve had the system up three days now.” said Mitesh Popat, the clinics’ CEO. “There is always reinfection risk hanging over your head. We’re trying to play it super safe and super cautious.” Unidentified hackers somehow managed to encrypt the clinics’ data and demanded a ransom to decrypt it. Typically, to be successful ransomware requires some form of user interaction, such as a user opening an attachment to an email and clicking on a malicious link. Popat, however, said the ransomware used in the attack, known as Sodinokibi, gained access through a computer server. “It was through our network operator,” Popat said. He declined to identify the operator, citing security concerns. Popat said Marin Community Clinics was able to resume use of its system fairly quickly because it backs up its data on a regular basis.