Cyber Incident Victim: Assured Imaging
Date:
May 2020
Location:
United States of America
Summary
Assured Imaging experienced a ransomware attack where threat actors exfiltrated and publicly leaked protected health information (PHI) from their diagnostic and mobile mammography services. The attackers, identified as Pysa, dumped data containing patient medical record numbers, names, addresses, dates of birth, referring physician details, health insurance information, and mammography pre-screening histories with personal and family medical context. The entity disclosed the breach on its website and reported it to federal regulators, confirming unauthorized access to systems and impacting 244,813 individuals. No Social Security numbers were identified in the initial review of the leaked data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Assured Imaging, a provider of diagnostic and mobile mammography services, experienced a ransomware incident discovered on May 19, 2020. The attackers, identified as Pysa threat actors, subsequently added Assured Imaging to their dedicated leak site on September 13, 2020, publicly listing them as victims. Prior to this leak site posting, Assured Imaging had proactively disclosed the breach on their own website upon discovering the attack. The threat actors exfiltrated and dumped sensitive protected health information (PHI) consisting primarily of mammography pre-screening histories and forms. Analysis of the dumped data by DataBreaches.net revealed the compromised information included patient medical record numbers, full names, addresses, dates of birth, referring physician details, health insurance carrier information, and reasons for scans accompanied by relevant personal and family medical histories. Notably, the reviewed records did not contain Social Security numbers based on initial examination of the leaked files.
On August 26, 2020, Assured Imaging formally notified the U.S. Department of Health and Human Services (HHS) through the required breach reporting mechanism, disclosing that the incident impacted 244,813 patients. This notification occurred 99 days after their May 19 discovery date and prior to the September 13 leak site posting by Pysa. The public disclosure on Assured Imaging's website represented an early warning to patients, though the specific timing relative to the discovery date was not detailed in available reports. The data dump's availability on Pysa's leak site created ongoing risks of misuse, as the exposed health information could facilitate identity theft, insurance fraud, or other malicious activities targeting vulnerable patients. No additional information was provided regarding operational disruptions, ransom demands, or payment negotiations. The incident exemplified the emerging ransomware tactic of double extortion, where attackers pressure victims by both encrypting systems and threatening public data leaks. Assured Imaging's breach ranked among the larger healthcare incidents tracked in 2020 due to its substantial patient impact count.