Cyber Incident Victim: Golden Heart Administrative Professionals
Date: Jul 2018
Location: United States of America
Summary
A ransomware attack on Golden Heart Administrative Professionals, an Alaska-based billing company, potentially exposed protected health information of 44,600 patients after malware was downloaded to a server. The company advised assuming all client data was compromised, notified affected individuals and law enforcement, and initiated recovery efforts, marking a significant healthcare data breach in the region.
Description
The Golden Heart Administrative Professionals ransomware attack was discovered on or around July 20, 2018, impacting the Fairbanks, Alaska-based billing company that served as a business associate for multiple healthcare providers in the state. Unauthorized actors deployed ransomware onto a server containing protected health information (PHI), potentially compromising data belonging to 44,600 patients. The company issued a public statement instructing that "All client patient information must assume to be compromised," indicating broad exposure of sensitive data. Golden Heart immediately notified local and federal law enforcement agencies about the cyberattack and initiated file recovery efforts. This incident represented the largest healthcare data breach reported during July 2018 and marked the second major cybersecurity event affecting an Alaska healthcare entity that month, following an earlier malware infection at the Alaska Department of Health and Social Services that impacted over 500 individuals.

The attack occurred amidst a continuing pattern of ransomware targeting healthcare organizations despite broader industry reports suggesting declining ransomware incidents due to cybercriminals shifting focus to cryptocurrency mining. Earlier in July 2018, LabCorp experienced a SamSam ransomware attack via brute-force remote desktop protocol (RDP) exploitation, potentially compromising millions of patient records before containment within 50 minutes. Days prior to the Golden Heart disclosure, Cass Regional Medical Center in Missouri suffered a similar brute-force RDP attack that disabled critical systems for 10 days, forcing emergency ambulance diversions for stroke and trauma cases. The Golden Heart incident shared operational parallels with these attacks through server compromise leading to operational disruption, though specific technical details about the ransomware variant or initial attack vector remained undisclosed in available reports. Recovery timelines and whether ransom payments occurred were not publicly confirmed by the company.
