Date: Nov 2020

Location: United States of America

Summary

Overlake Obstetricians & Gynecologists fell victim to a ransomware attack by the Pysa threat actor group, which deployed Mespinoza malware to exfiltrate and encrypt sensitive data. The attackers compromised over 8,900 patient files containing personal and medical information, including Social Security numbers and health histories, but the entity did not publicly disclose the breach or notify affected individuals despite evidence of exposure. This incident mirrored patterns observed in other healthcare sector attacks by Pysa, where uncooperative victims had stolen data listed on dark web leak sites to pressure ransom payments.


Description

In late November 2020, Overlake Obstetricians & Gynecologists (Overlake OB/GYN) experienced a cybersecurity incident involving the Pysa ransomware group, also known as "Protect Your System Amigo." Pysa threat actors deployed Mespinoza ransomware after exfiltrating sensitive patient data, a tactic consistent with their operations since 2018. The group, classified as "big-game hunters" by the FBI and CNIL due to its targeting of high-value sectors, specialized in compromising medical and educational entities. Overlake OB/GYN’s breach resulted in the exposure of over 8,900 patient files containing personally identifiable information and protected health data, including Social Security numbers and medical histories. The attackers typically threatened to publish stolen data on their dark web leak site if ransoms were not paid, though no explicit confirmation of a ransom demand to Overlake was disclosed publicly. The incident aligned with a broader campaign impacting at least 11 U.S. medical entities during this period, with varying levels of transparency from victims.


Overlake OB/GYN did not issue a public breach disclosure or notify the U.S. Department of Health and Human Services (HHS) despite evidence of data exposure, contrasting with three other affected entities—Assured Imaging, OrthoAtlanta, and Woodholme Gastroenterology—that reported incidents and issued patient notifications. No containment measures, forensic findings, or remediation steps by Overlake were documented in available sources. The confirmed consequences included the unauthorized access and potential dissemination of sensitive patient records, creating risks of identity theft and medical privacy violations. Pysa’s established pattern of leaking non-paying victims’ data suggested ongoing exposure threats for affected individuals. The lack of public response left the scope of operational disruptions, legal repercussions, and patient communications unclear, with no subsequent updates or regulatory filings identified in the source material.
