Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients

The NetWalker ransomware group has claimed responsibility for a ransomware attack on the North Carolina-based surgical center Wilmington Surgical Associates in October 2020.

The group says that it illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data.

No breach notification has been made available for public review as yet. However, the ransomware attack has now been included on the HHS’ Office for Civil Rights breach website, which indicates that the PHI of 114,834 patients was compromised in the breach.

The NetWalker ransomware group focuses on healthcare providers, and the gang launched more attacks than ever during 2020. The group was to blame for the ransomware attack on the University of California San Francisco, in which it stole sensitive and valuable research details. The University said that it had no option other than to pay the $1.14 million ransom to retrieve the encrypted data.

Other healthcare suppliers that were targeted with NetWalker ransomware this year include the Crozer-Keystone Health System in Philadelphia, the Champaign-Urbana Public Health District in Illinois, and Brno University Hospital in the Czech Republic. The group also targets academic bodies and was responsible for the 2020 ransomware attacks on Michigan State University and Columbia College of Chicago.

An official report published by the cybersecurity firm McAfee in August 2020 claimed that the NetWalker gang had earned a minimum of $29m in ransom payments since March 2020, making it one of the most profitable ransomware-as-a-service operations.

The group is renowned for its attacks on large firms and high-value targets, and this year began hiring affiliates specialized in carrying out targeted attacks on large enterprises, especially attacks on firewalls, Virtual Private Networks, web application interfaces, and Remote Desktop Protocol links. As is typically the case with other manual ransomware threat groups, data is stolen before encryption and is made available on dark net sites if the ransom demand is not met.

The growth in the group's activity led the FBI to release a flash alert in July 2020 warning healthcare bodies, educational institutions, private sector firms, and government entities about the heightened danger of attacks.

Author: Maria Perez