Cyber Incident Victim: Vascular Surgical Associates
Date:
Mar 2016
Location:
United States of America
Summary
Vascular Surgical Associates experienced a hacking incident involving unauthorized access to a server via a compromised vendor password during a software upgrade, with attackers potentially residing in other countries. The breach occurred over several months before detection, exposing current and former patients' medical records and demographic details like birth dates and addresses, though no financial data or Social Security numbers were stored on the affected server. The organization secured the compromised system, initiated forensic investigations, notified impacted individuals, and established a dedicated call center while reporting the incident to federal authorities including the FBI and Department of Health and Human Services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Vascular Surgical Associates discovered suspicious activity involving one of their computer servers on or about September 13, 2016, prompting an immediate investigation. Forensic analysis revealed unauthorized access to the server had occurred over approximately six months, beginning around March 25, 2016, until detection on September 13. The breach originated from a compromised vendor password exploited during a software application upgrade, enabling external hackers believed to reside in other countries to infiltrate the system. While investigators could not confirm whether specific patient records were accessed or exfiltrated, the compromised server contained protected health information for current and former patients, including medical records and demographic details such as dates of birth and addresses. The organization confirmed no Social Security numbers, financial data, credit card information, or bank details were stored on the affected server. The intrusion did not impact the patient portal or disrupt clinical operations. Internal IT staff secured the server immediately upon verifying unauthorized access through forensic evaluation, preventing further exploitation.
Vascular Surgical Associates notified potentially affected patients through individual letters that outlined protective steps and acknowledged the inability to definitively confirm data misuse. The organization established a dedicated toll-free call center operational Monday through Friday to address patient inquiries. They reported the incident to the FBI and the U.S. Department of Health and Human Services Office for Civil Rights, both of which initiated investigations. The breach was attributed solely to external actors exploiting vendor credentials, with no involvement suspected among internal staff. While emphasizing no financial data exposure occurred, the organization advised patients to monitor their accounts for unusual activity over the following year as a precautionary measure. The forensic investigation confirmed the attackers' access pathway and containment effectiveness, though the ultimate motivation and identity of the foreign-based hackers remained unresolved through the organization's inquiry.