Over 114,000 Patients’ Data Exposed Due to the Wilmington Surgical Associates Ransomware Attack

In October 2020, the NetWalker ransomware gang stated it attacked the Wilmington Surgical Associates surgical center based in North Carolina. The gang also stated that before deploying the Netwalker ransomware to encrypt files, it had stolen approximately 13GB of documents that contain sensitive information.

The report on the ransomware attack is now posted on the HHS’ Office for Civil Rights breach portal indicating that the attack resulted in the compromise of the protected health information (PHI) of 114,834 patients.

The NetWalker ransomware gang has increased its attacks in 2020 on targeted healthcare providers. It was responsible for the University of California San Francisco ransomware attack which also involved theft of sensitive and valuable research information. The University paid the ransom amounting to $1.14 million to retrieve the encrypted data.

The NetWalker ransomware gang also attacked the following healthcare providers last 2020: the Champaign-Urbana Public Health District in Illinois, the Crozer-Keystone Health System in Philadelphia, and the Brno University Hospital in the Czech Republic. Besides healthcare providers, the group also targeted universities such as the Columbia College of Chicago and Michigan State University.

Cybersecurity company McAfee released a report in August 2020 stating that the NetWalker gang had received ransom payments of at least $29 million since March 2020. The gang is considered to be very successful in its ransomware-as-a-service operations.

The group was found to have attacked big companies and high value targets this 2020 as well. It even recruited affiliates with speciality in performing targeted attacks on big companies that involved attacks on firewalls, web application interfaces, Virtual Private Networks, and Remote Desktop Protocol connections. Just like in the operations of other manual ransomware threat groups, the attacks involved data theft before file encryption. If the victims do not pay the ransom, the stolen information is released on dark net sites.

Because of the growing activities of the NetWalker ransomware gang, the FBI issued a flash alert in July 2020 to warn healthcare providers, educational entities, private sector firms, and government institutions concerning the higher risk of attack.