Cyber Incident Victim: Primary Care of Long Island

Date: May 2022

Location: United States of America

Summary

A New York medical practice was targeted by the Bl00dy Ransomware Gang, resulting in unauthorized access and exfiltration of sensitive patient data including names, addresses, Social Security numbers, and dates of birth. The attackers claimed encryption of files and server disruption, though the victim’s notification did not acknowledge encryption or ransom demands. Evidence suggested potential compromise of a dental practice’s records through an affiliated technology vendor, though attribution remained unclear. The gang threatened to sell approximately 900 GB of stolen data, impacting over 6,800 patients. Despite the group’s assertions, none of the implicated entities publicly confirmed the attack or disclosed full details of the breach.

Description

The Bl00dy Ransomware Gang, first observed on Telegram in July 2022, publicly listed Primary Care of Long Island (PCOLI) and OnCallPractice.com as victims on August 7, 2022. Both entities operated from 820 Suffolk Avenue, Brentwood, New York, a shared location housing multiple medical and dental practices. PCOLI’s breach notification, prominently displayed on its website, indicated the intrusion occurred on or around May 23, 2022, with confirmation on June 8, 2022, that an unauthorized actor potentially exfiltrated files containing patient names, phone numbers, addresses, Social Security numbers, and dates of birth. The notification did not reference file encryption, service disruption, or ransom demands. Evidence shared by the threat actors included images of a patient health insurance card, driver’s license, insurance eligibility documentation, and a dental visit note linked to Brighter Dental Center, another tenant at the same address. This raised questions about whether data originated from Brighter Dental or OnCallPractice, which provided billing, appointment booking, and technology services to medical practices.

PCOLI’s affiliated physician, Dr. Priti Patel, reported a breach impacting 6,877 patients to the U.S. Department of Health and Human Services (HHS) on August 14, 2022, classifying it as a hacking/IT incident. The Bl00dy Ransomware Gang claimed responsibility for compromising PCOLI, OnCallPractice, and Brighter Dental Center, asserting possession of 900 GB of files and threatening to sell the data. They provided a chat snippet allegedly between themselves and Dr. Prashant Patel, owner of Brighter Dental Center, dated May 23, 2022—the same date as PCOLI’s breach onset. Despite this, Brighter Dental Center had not issued a breach notification as of September 11, 2022, exceeding HIPAA’s 60-day reporting window. OnCallPractice’s website remained offline for maintenance throughout this period, and none of the three entities responded to media inquiries. The gang’s Telegram posts advertised ransomware builds for sale and recruitment offers while claiming to have encrypted victim files with a *.bl00dy extension and taken servers offline. By late August, three of four affected subdomains were restored.
