Cyber Incident Victim: Akumin Inc.

On October 11, 2023, Akumin Inc., an outpatient radiology and oncology services provider, identified suspicious activity within its information technology network, later confirmed as a ransomware attack. The company immediately initiated containment protocols by shutting down affected systems to prevent further spread, resulting in significant operational disruptions. These disruptions impaired Akumin’s ability to deliver services to business partners and patients across its network. By October 13, 2023, the company partially restored operations, resuming treatment for some patients while continuing system recovery efforts. Akumin launched an internal investigation and retained specialized cybersecurity legal counsel, which coordinated with digital forensics advisors to assess the breach’s scope and origin. The incident was reported to law enforcement agencies, though specific investigative partners were not disclosed in regulatory filings.

The ransomware attack necessitated notifications to potentially impacted business partners, with ongoing obligations to inform affected individuals as required by law. Akumin’s October 16, 2023, SEC filing highlighted risks including unauthorized access to sensitive data, financial losses from operational downtime, remediation costs, litigation exposure, regulatory penalties, and reputational damage. The company acknowledged uncertainties regarding the attack’s full impact, particularly whether patient or employee data was exfiltrated or compromised. Concurrently, Akumin faced financial strain unrelated to the cyber incident, evidenced by a separate October 16 agreement extending a cash interest payment deadline for its Series A Note to October 20, 2023. Recovery efforts remained ongoing, with no public confirmation of ransom payments or full restoration timelines as of the latest disclosures.