Cyber Incident Victim: Central Kansas Orthopedic Group
Date: Nov 2019
Location: United States of America
Summary
Central Kansas Orthopedic Group experienced a ransomware attack in which unauthorized actors accessed its systems and deployed ransomware. The organization refused to pay the ransom, restored all medical records from backups, and found no evidence of data exfiltration or misuse during its forensic investigation. Potentially compromised information included patient addresses, dates of birth, driver’s license numbers, health treatment details, insurance numbers, Social Security numbers, and email addresses. Immediate security enhancements were implemented after discovery, with plans for additional measures based on forensic recommendations. Affected individuals were offered complimentary identity theft protection services, including credit monitoring, a reimbursement policy, and recovery support, alongside a dedicated call center for inquiries.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
Central Kansas Orthopedic Group (CKOG) discovered a ransomware attack on November 11, 2019, when an unauthorized party deployed ransomware on its computer system. The organization immediately engaged outside legal counsel and a third-party forensic investigator to determine the scope and cause of the breach. CKOG refused to pay the ransom demanded by the attackers and instead restored its systems using available backups, successfully recovering all medical records. While restoration eliminated data loss from encryption, forensic analysis revealed the attackers potentially accessed sensitive patient information during the breach window. This information included patient addresses, dates of birth, driver’s license or state-issued identification numbers, health treatment details, health insurance numbers, Social Security numbers, and email addresses. The forensic investigation found no evidence that personal information was exfiltrated from CKOG’s systems or subsequently misused.

In response to the incident, CKOG implemented immediate security enhancements to block further unauthorized access. The organization committed to adopting additional security protocols based on recommendations from forensic investigators to strengthen its overall security posture. CKOG notified affected patients through a website breach notice posted on January 9, 2020, and formally reported the incident to the U.S. Department of Health and Human Services (HHS) on January 28, 2020. As a precautionary measure, CKOG offered complimentary identity theft protection services through ID Experts’ MyIDCare program to all impacted individuals. This service included 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. A dedicated call center (1-800-939-4170) was established to address patient inquiries, and enrollment instructions were provided via a secure web portal for accessing the protection benefits. The breach notification emphasized CKOG’s operational recovery through backups and its proactive steps to mitigate potential harm despite no evidence of data misuse.
