More Than 114,000 Patients Affected by Wilmington Surgical Associates Ransomware Attack
In October 2020, the NetWalker ransomware gang claimed responsibility for a ransomware attack on the North Carolina-based surgical center, Wilmington Surgical Associates. The gang claimed to have stolen around 13GB of data prior to deploying NetWalker ransomware and encrypting files. The stolen batch of data included thousands of documents containing sensitive information.
HIPAA Journal has not yet been able to obtain a copy of the breach notification; however, the ransomware attack has now appeared on the HHS’ Office for Civil Rights breach portal and shows the PHI of 114,834 patients was compromised in the attack.
The NetWalker ransomware gang targets healthcare providers and the gang has stepped up its attacks in 2020. The gang was behind the ransomware attack on the University of California San Francisco and stole sensitive and valuable research data. The University felt it had no alternative other than to pay the $1.14 million ransom to recover the encrypted data.
Other healthcare providers attacked with NetWalker ransomware this year include the Crozer-Keystone Health System in Philadelphia, the Champaign-Urbana Public Health District in Illinois, and Brno University Hospital in the Czech Republic. The group also targets universities and was behind the 2020 ransomware attacks on Michigan State University and Columbia College of Chicago
According to a report released by the cybersecurity firm McAfee in August 2020, the NetWalker gang had been paid at least $29 million in ransom payments since March 2020, making it one of the most successful ransomware-as-a-service operations.
The group is known to attack large companies and high value targets, and this year started recruiting affiliates specialized in conducting targeted attacks on large enterprises, especially attacks on firewalls, Virtual Private Networks, web application interfaces, and Remote Desktop Protocol connections. As is the case with other manual ransomware threat groups, data is stolen prior to encryption and is released publicly on dark net sites if the ransom is not paid.
The increase in activity of the gang prompted the FBI to issue a flash alert in July 2020 warning healthcare organizations, educational institutions, private sector companies, and government agencies about the increased risk of attack.