Cyber Incident Victim: Plastic Surgery Associates
Date:
Feb 2017
Location:
United States of America
Summary
A ransomware attack compromised systems at Plastic Surgery Associates, potentially exposing sensitive patient records including names, addresses, Social Security numbers, driver's license details, medical diagnoses, lab results, and health insurance information. The organization engaged third-party investigators but could not definitively rule out unauthorized access to a limited number of records due to unavailable evidence during remediation efforts. Approximately 10,200 individuals were notified of potential data exposure, though no evidence suggested actual misuse of information. The incident was reported to federal health authorities, with affected parties offered complimentary credit monitoring services while the firm implemented enhanced security measures to strengthen data protections.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Plastic Surgery Associates of South Dakota discovered ransomware infecting some of its systems on February 12, 2017, prompting an immediate response to remove the malware and decrypt affected systems. The organization engaged third-party experts to investigate potential unauthorized data access during the incident. While investigators ruled out compromise for most medical records, critical evidence became unavailable during system cleanup efforts, hindering definitive conclusions about data exposure. By April 24, 2017, the company determined it could not exclude unauthorized access to a limited number of patient records and issued a public notification on July 28, 2017, out of caution. Potentially compromised information included names, addresses, dates of birth, Social Security numbers, driver's license or state identification numbers, medical conditions, diagnoses, lab results, and health insurance details. The breach impacted patients across the organization's locations in Sioux Falls, Dakota Dunes, Yankton, Watertown, Mitchell, and Spencer, Iowa, with approximately 10,200 individuals notified about potential exposure. Plastic Surgery Associates emphasized it found no evidence of actual misuse of patient data resulting from the incident.
The organization reported the breach to the U.S. Department of Health and Human Services as required by healthcare data regulations. Affected individuals received offers for one year of complimentary credit monitoring services to detect potential identity theft or fraud. Plastic Surgery Associates advised patients to monitor account statements, credit reports, and insurance explanation of benefits forms for suspicious activity. The company described existing security measures as stringent but announced plans to implement additional safeguards following the breach. No technical details about the ransomware variant, attack vector, or encryption methods were disclosed publicly. Internal investigations focused on system restoration and evidence collection, though critical forensic data was lost during remediation efforts. Patient privacy and data security were characterized as organizational priorities throughout the disclosure process.