Cyber Incident Victim: Midwest Transplant Network
Date:
Feb 2021
Location:
United States of America
Summary
A ransomware attack targeted Midwest Transplant Network, compromising data of over 17,000 organ, eye, and tissue donors and temporarily locking the organization out of its systems before access was restored. The attackers’ identity remained undisclosed, and while the network stated it had no evidence indicating stolen data was sold or distributed, it engaged cybersecurity firm Kroll to assist affected individuals. The entity declined to confirm whether a ransom was paid to resolve the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2021, Midwest Transplant Network experienced a ransomware attack that temporarily locked the organization out of its files. The malicious cyber incident affected personal information belonging to more than 17,000 families of organ, eye, and tissue donors. The network regained access to its systems after a brief disruption but confirmed unauthorized actors had obtained data during the breach. By the week of February 1, 2021, the organization began notifying impacted individuals through mailed letters disclosing the compromise. While operational functions were restored, the attack exposed sensitive donor-related information whose exact nature was not detailed in public communications.
Midwest Transplant Network declined to answer media inquiries about whether it paid ransom to the unidentified attackers. Officials stated they had "no reason to believe" the cybercriminals sold or distributed the stolen data but provided no evidentiary basis for this assertion. As a precautionary measure, the organization contracted cybersecurity firm Kroll to manage inquiries and support affected individuals. The breach did not appear on any known ransomware leak sites at the time of reporting, though this did not confirm whether data deletion or non-disclosure agreements were part of any resolution. No disruptions to transplant operations or clinical systems were reported as a direct consequence of the incident.