Cyber Incident Victim: Peachtree Neurological Clinic
Date: Feb 2016
Location: United States of America
Summary
Peachtree Neurological Clinic experienced two cybersecurity incidents involving unauthorized system access. A ransomware attack encrypted their electronic medical records, which were restored from backups without ransom payment; no data exfiltration was confirmed. During this investigation, an older breach was discovered where unauthorized individuals accessed systems over an extended period, potentially exposing patient names, contact details, Social Security numbers, dates of birth, driver's license information, treatment details, prescriptions, and insurance data. While the clinic found no evidence of actual data access or theft in either incident, it notified potentially affected individuals, offered identity theft protection services, and reported the events to law enforcement. The organization emphasized its commitment to patient privacy amid these criminal acts.
Description
Peachtree Neurological Clinic (PNC) experienced two distinct cybersecurity incidents, both discovered through a ransomware investigation in 2017. The clinic's electronic medical records (EMR) system was encrypted by ransomware that demanded payment for decryption of the files. PNC refused to pay the ransom and instead restored the system from backup records, maintaining uninterrupted patient care throughout the incident. Post-incident scans detected no residual ransomware, and investigators found no evidence of data exfiltration during the encryption event. However, the ransomware investigation revealed a separate, previously undetected unauthorized access incident: unidentified individuals had infiltrated PNC's systems between February 2016 and May 2017 without the clinic's knowledge, establishing prolonged access to its network infrastructure.

The historical breach potentially exposed sensitive patient information, including names, addresses, telephone numbers, Social Security numbers, dates of birth, driver's license numbers, treatment details, prescription records, and health insurance information. While PNC could not confirm whether the attackers actually viewed or extracted specific data, forensic analysis verified that unauthorized system access had occurred. As a precautionary measure, the clinic notified all potentially affected patients about both security events and offered complimentary identity theft protection services. PNC reported the incidents to law enforcement authorities and committed to cooperating with investigations. The dual disclosure highlighted security weaknesses across two different time periods, with the ransomware incident serving as the detection mechanism for the older compromise. Clinic management publicly acknowledged the breaches and expressed regret for any concern caused to patients, while maintaining treatment operations throughout both events.
