Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
Dozens of angry parents and patients are demanding answers after an Oklahoma allergy clinic shut its doors, blaming a cyberattack for the abrupt closure.
The Oklahoma Institute of Allergy Asthma and Immunology posted a notice on its doors starting earlier this month saying it will be closing "effective immediately due to a cybersecurity event.” Clinics in the towns of Norman and Yukon were both closed.
According to the notice, a “limited area” of the clinic will still be used for infusions and injections. “Our insurance company Amtrust will be sending out information to all parties that were potentially affected and you will be notified promptly. Regrettably due to the magnitude of the event there could potentially be a time delay in notification as information may be difficult to access," they wrote.
The clinic noted that wait times for injections may increase due to the attack and staff will have limited access to records in paper form “until the proper authorities are able to decipher the information to help remedy the situation.”
The clinic did not respond to requests for comment and did not post any notice of the incident on its website or social media pages.
That did not stop patients from responding to the clinic’s most recent Facebook posts with angry messages about showing up for scheduled appointments only to be turned away.
Several patients said that when they arrived, there was no one there and the office appeared to be permanently closed.
“This office is permanently closed. There are no phones, no computers, no paper medical records and no staff here. I found that out at my 8:15 a.m. appointment this morning. Everything is gone,” one patient said on Facebook.
“When is someone going to return my call regarding how to obtain my son's serum that is already paid for so we can go somewhere else that doesn’t close it’s doors all of a sudden! We have been a patient for over four years and I do not understand why no one is responding!!!” another said.
Multiple people said they or their children depended on the shots or injections provided by the clinic and were confused as to why little notice was given to those in need.
The clinic’s operators did eventually speak to local news outlets to explain what happened.
Dr. Amy Liebl Darter told KFOR that the situation started in February, when she and her husband downloaded an iPhone app that created issues with all of the clinic’s technology – from phones to email and electronic medical records.
While Darter did not call it ransomware, she said the clinic was “locked out of everything, even their Facebook page.”
“Our patients, unbeknownst to me, are still getting text messages from our electronic medical record telling them to come for appointments, they’re still able to call the main line. Yet we have no access to that,” Darter told the local news station.
She claimed she contacted the FBI about the incident but the agency denied that it was ever contacted in a statement sent to several other news stations.
Darter said she has tried to buy new phones but has had little success in getting back into the clinic’s systems.
"I just want to reassure everybody that this breaks my heart," Darter said in an interview with KOCO, noting that she had to furlough some of her employees. "I've been in practice for about 20 years, and this breaks my heart that we can't effectively take care of patients right now in a safe manner."
The clinic posted a new notice on its doors in recent days claiming the “Department of Justice and Department of Defense are investigating” the incident.
The Oklahoma Allergy and Asthma Clinic has reportedly stepped in to help patients that are unable to get the shots they need.
No ransomware group has taken credit for the incident.
Attacks on healthcare facilities are at an all-time high, with dozens of hospitals, clinics and healthcare organizations facing crippling attacks in recent weeks.
A major health organization in Louisville, Kentucky was forced to revert back to using pen and paper for records after a cyberattack on May 9. The organization, Norton Healthcare, contacted the FBI after receiving a “faxed communication containing threats and demands.”
Hospitals in Indiana and New York have also been dealing with devastating cyberattacks in recent days as well.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.