A small/medium-sized hearing center suffered a devastating ransomware attack that permanently destroyed all electronic medical records. Unable to recover the encrypted data or afford the ransom, the practice’s physicians chose to shut down operations entirely rather than attempt reconstruction. The attack halted all business functions, leading to irreversible closure. The incident highlights the existential threat ransomware poses to SMBs with limited cybersecurity resources or backup systems. The financial and operational impact was catastrophic, eliminating the company’s ability to continue serving patients or generating revenue.
Source: https://oregonbusiness.com/cyber-insurance-for-small-and-medium-sized-businesses/
TPRM report: https://www.rankiteo.com/company/liberty-hearing-centers
"id": "lib5702557102525",
"linkid": "liberty-hearing-centers",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'All (electronic medical records '
'destroyed)',
'industry': 'Medical Services',
'name': 'Unnamed Hearing Center',
'size': 'Small Business',
'type': 'Healthcare (Audiology Practice)'},
{'industry': 'Automotive',
'name': 'Unnamed Car Dealership',
'size': 'Small/Medium Business',
'type': 'Retail'},
{'industry': 'Property Development',
'name': 'Unnamed Real Estate Development Firm',
'size': 'Small/Medium Business',
'type': 'Real Estate'},
{'customers_affected': 'All (PoS systems disabled)',
'industry': 'General Merchandise',
'name': 'Unnamed Retailer',
'size': 'Small/Medium Business (multi-branch)',
'type': 'Retail'},
{'industry': 'Property Sales/Leasing',
'name': 'Unnamed Real Estate Agency',
'size': 'Small Business',
'type': 'Real Estate'},
{'customers_affected': 'Clients whose PII was exposed '
'via photocopier',
'industry': 'Finance/Accounting',
'name': 'Unnamed Accounting Firm',
'size': 'Small Business',
'type': 'Professional Services'}],
'attack_vector': ['Phishing Email (Malicious Link)',
'Exploited Vulnerabilities (Automated Scanning)',
'Email Account Compromise',
'Unsecured Leased Photocopier/Printer (Residual Data)',
'Ransomware (Encryption of Systems)'],
'customer_advisories': [{'advisory': 'Clients notified of PII exposure via '
'breach disclosure.',
'entity': 'Accounting Firm'}],
'data_breach': {'data_encryption': [{'entity': 'Hearing Center',
'status': 'Encrypted (ransomware)'},
{'entity': 'Retailer',
'status': 'Encrypted (ransomware)'}],
'data_exfiltration': [{'data': 'Email content used for BEC '
'fraud',
'entity': 'Real Estate Firm'},
{'data': 'Client PII via unsecured '
'photocopier',
'entity': 'Accounting Firm'}],
'file_types_exposed': ['Medical Records',
'PDFs (photocopier files)',
'Emails',
'Payroll Databases',
'Financial Spreadsheets'],
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers',
'Medical Histories',
'Bank Account '
'Details'],
'sensitivity_of_data': 'High (medical, financial, PII)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Data (Bank Accounts, '
'Payroll)',
'Corporate Emails',
'Confidential Client Files']},
'date_publicly_disclosed': '2023',
'description': 'The article highlights the growing threat of cyber attacks on '
'small and medium-sized businesses (SMBs) in 2023, with 43% of '
'all cyber attacks targeting SMBs. It details multiple case '
'studies, including ransomware attacks, payroll hacks, '
'password breaches, point-of-sale attacks, and photocopier '
'breaches, emphasizing the financial, operational, and '
'reputational impacts. The average cost of a cyber attack for '
'SMBs is $254,445, with some incidents costing up to $7 '
'million. The article also underscores the importance of cyber '
'insurance for mitigation, though only 17% of SMBs currently '
'have coverage.',
'impact': {'brand_reputation_impact': 'Severe (permanent closures, lawsuits, '
'loss of trust)',
'customer_complaints': 'Likely (e.g., accounting firm’s client '
'lawsuit over exposed PII)',
'data_compromised': ['Electronic Medical Records (EMR)',
'Bank Account Information',
'Employee Payroll Data',
'Corporate Emails (BEC)',
'Customer PII (Photocopier Hard Drive)',
'Financial/Confidential Client Data'],
'downtime': [{'duration': 'Permanent', 'entity': 'Hearing Center'},
{'duration': 'Temporary (stores closed until '
'resolution)',
'entity': 'Retailer'}],
'financial_loss': {'average_cost': '$254,445 per incident',
'max_recorded_loss': '$7,000,000',
'specific_cases': [{'entity': 'Hearing Center',
'loss': 'Permanent closure '
'(cost of ransom + '
'system rebuild '
'deemed '
'unaffordable)'},
{'entity': 'Car Dealership',
'loss': 'Tens of thousands '
'(fake payroll '
'additions)'},
{'entity': 'Real Estate '
'Development Firm',
'loss': 'Millions '
'(fraudulent wire '
'transfers to '
'China)'},
{'entity': 'Retailer',
'loss': 'Temporary closure '
'(ransomware '
'disrupted PoS '
'systems)'},
{'entity': 'Accounting Firm '
'(via Leased '
'Photocopier)',
'loss': 'Legal fees + '
'client lawsuit '
'(data breach '
'notification '
'costs)'}]},
'identity_theft_risk': 'High (exposed PII from photocopier, '
'emails, payroll data)',
'legal_liabilities': ['Data breach notifications (accounting firm)',
'Class-action lawsuits (employee/employee '
'data breaches)',
'Regulatory fines (PCI, privacy laws)'],
'operational_impact': ['Complete shutdown of business (e.g., '
'hearing center)',
'Disruption of transactions (retailer PoS '
'attack)',
'Loss of critical data (medical records '
'destruction)',
'Legal liabilities (accounting firm '
'lawsuit)'],
'payment_information_risk': 'High (bank account info stolen in '
'payroll hack, PoS attack)',
'revenue_loss': ['Direct theft (e.g., real estate firm’s wire '
'fraud)',
'Business interruption (retailer store closures)',
'Long-term customer loss (reputation damage)'],
'systems_affected': ['Point-of-Sale (PoS) Registers',
'Network Servers',
'Email Systems',
'Medical Record Databases',
'Photocopier/Printer Hard Drives',
'Payroll Systems']},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (PII, financial '
'data from breaches)',
'entry_point': ['Phishing Email (Retailer)',
'Unpatched Vulnerabilities '
'(Automated Scans)',
'Compromised Email Account (Real '
'Estate Firm)',
'Unsecured Leased Device '
'(Accounting Firm)'],
'high_value_targets': ['Financial Data (Bank '
'Accounts, Payroll)',
'Medical Records',
'PII (for Dark Web Sales)']},
'investigation_status': 'Closed (case studies summarized; no active '
'investigations mentioned)',
'lessons_learned': ['SMBs are prime targets due to lack of cybersecurity '
'resources.',
'Automated attacks exploit unpatched vulnerabilities and '
'poor training.',
'Ransomware can force permanent closures if backups/data '
'recovery plans are absent.',
'Third-party risks (e.g., leased devices) are often '
'overlooked.',
'Cyber insurance is critical but underutilized (only 17% '
'of SMBs have coverage).',
'Employee training and MFA could prevent many breaches '
'(e.g., phishing, BEC).',
'Data encryption and secure disposal policies are '
'essential (e.g., photocopier hard drives).'],
'motivation': ['Financial Gain (Extortion, Fraud, Theft)',
'Data Theft (PII, Financial, Medical Records for Dark Web '
'Sales)',
'Disruption of Operations'],
'post_incident_analysis': {'corrective_actions': ['Adopt cyber insurance to '
'offset financial risks.',
'Invest in employee '
'training and phishing '
'simulations.',
'Implement MFA, encryption, '
'and regular patching.',
'Develop data breach '
'response protocols.',
'Audit third-party '
'vendors/devices for '
'security gaps.',
'Monitor for dark web '
'exposure of credentials.'],
'root_causes': ['Lack of cybersecurity '
'training/awareness.',
'Absence of MFA and endpoint '
'protection.',
'Unpatched systems and known '
'vulnerabilities.',
'Poor data disposal practices '
'(e.g., photocopier).',
'No incident response or backup '
'plans.',
'Underestimation of third-party '
'risks.']},
'ransomware': {'data_encryption': 'Yes (Hearing Center: medical records; '
'Retailer: PoS systems)',
'ransom_demanded': [{'amount': None,
'currency': None,
'entity': 'Hearing Center',
'paid': 'No (chose closure)'},
{'amount': None,
'currency': None,
'entity': 'Retailer',
'paid': 'No (could not afford)'}],
'ransom_paid': 'No (in both cases)'},
'recommendations': ['Implement cybersecurity awareness training for all '
'employees.',
'Deploy multi-factor authentication (MFA) and endpoint '
'protection.',
'Regularly patch systems and conduct vulnerability scans.',
'Secure IoT/peripheral devices (e.g., printers, '
'photocopiers).',
'Develop and test an incident response plan.',
'Purchase cyber insurance tailored to business risks.',
'Monitor dark web for exposed credentials/data.',
'Enforce data encryption and secure backup protocols.',
'Conduct third-party vendor risk assessments.',
'Comply with relevant regulations (HIPAA, PCI DSS, '
'etc.).'],
'references': [{'date_accessed': '2023', 'source': 'U.S. Chamber of Commerce'},
{'date_accessed': '2023',
'source': 'Marsh McLennan Agency (Cyber Specialist Kacey '
'Wheeler)'},
{'date_accessed': '2023',
'source': 'Oregon Business – Brand Story on Cyber Insurance'}],
'regulatory_compliance': {'fines_imposed': [{'details': 'Potential (not '
'specified)',
'entity': 'Accounting Firm'}],
'legal_actions': [{'action': 'Client lawsuit over '
'PII exposure',
'entity': 'Accounting Firm'}],
'regulations_violated': ['HIPAA (Hearing Center – '
'PHI destruction)',
'State Data Breach '
'Notification Laws '
'(Accounting Firm)',
'PCI DSS (Retailer – PoS '
'compromise)',
'Potential GDPR/CCPA (if '
'applicable to exposed '
'PII)'],
'regulatory_notifications': [{'action': 'Mandatory '
'breach '
'disclosure '
'to '
'affected '
'clients',
'entity': 'Accounting '
'Firm'}]},
'response': {'communication_strategy': [{'action': 'Client notifications '
'(legal requirement)',
'entity': 'Accounting Firm'}],
'incident_response_plan_activated': 'Unlikely (most SMBs lacked '
'preparedness)',
'law_enforcement_notified': [{'action': 'Mandatory breach '
'notification (PII '
'exposure)',
'entity': 'Accounting Firm'}],
'recovery_measures': [{'action': 'Temporary closure (no '
'immediate recovery plan)',
'entity': 'Retailer'}],
'third_party_assistance': [{'assistance': 'None (chose closure '
'over ransom payment)',
'entity': 'Hearing Center'},
{'assistance': 'None (could not '
'afford security '
'vendors)',
'entity': 'Retailer'}]},
'stakeholder_advisories': 'SMBs urged to assess cyber risks and adopt '
'insurance/mitigation strategies.',
'threat_actor': 'Opportunistic Cybercriminals (Likely Automated Script '
'Kiddies, Ransomware Groups, and Initial Access Brokers)',
'title': 'Cyber Attacks on Small and Medium-Sized Businesses (SMBs) – 2023 '
'Trends and Case Studies',
'type': ['Ransomware',
'Data Breach',
'Phishing',
'Business Email Compromise (BEC)',
'Point-of-Sale (PoS) Attack',
'Unsecured Device Breach'],
'vulnerability_exploited': ['Lack of Employee Cybersecurity Training',
'Unpatched Systems',
'Weak Password Policies',
'Inadequate Data Encryption',
'Poor Vendor/Third-Party Risk Management',
'Absence of Multi-Factor Authentication (MFA)',
'Unsecured IoT/Peripheral Devices']}