Cyber Incident Victim: National Capital Poison Center
Date: Dec 2017
Location: United States of America
Summary
The National Capital Poison Center experienced a ransomware incident potentially compromising decades of call records containing sensitive personal and medical information, including names, contact details, exposure specifics, and treatment recommendations. While the organization confirmed unauthorized encryption of its database server, it could not determine whether data was accessed or misused, noting most records contained only partial information subsets. No details were disclosed regarding ransom demands, payment, restoration attempts from backups, or the total number of affected individuals.
Description
On or around December 11, 2017, the National Capital Poison Center (NCPC) disclosed a ransomware incident affecting its call center database. The attack compromised records spanning calls received between January 1, 1997, and October 21, 2017. While NCPC could not confirm whether attackers accessed or exfiltrated data, the exposed database contained sensitive health information provided during poison exposure consultations. This included caller names, names and birthdates of poison exposure victims, physical addresses, telephone numbers, clinical details of exposures, treatment recommendations, email addresses, and in some cases, treating facility names and medical record numbers. The center noted most call records contained only subsets of this information rather than complete datasets. NCPC did not specify the intrusion vector, initial detection method, or precise attack timeline beyond the broad 20-year data exposure window.

In its public notification, NCPC emphasized no reports of actual or attempted misuse of the exposed information had been received. The organization did not disclose whether it paid ransom demands or attempted system restoration from backups, nor did it reveal the total number of affected individuals. The notification omitted technical details about containment measures, forensic investigation methods, or whether decryption succeeded without payment. No information was provided regarding system downtime duration, operational impacts on poison hotline services, or whether third-party cybersecurity firms assisted in incident response. The disclosure focused exclusively on potential data compromise rather than attack remediation specifics or broader organizational consequences beyond the data exposure timeframe.
