Cyber Incident Victim: Dr. Atadan Egemen Koyuncu

On July 5, 2020, a cyberattack compromised the patient information system of Dr. Atadan Egemen Koyuncu's medical practice in Turkey. The breach was detected the following day, July 6, prompting notification to the Turkish Data Protection Authority (KVKK), which publicly disclosed the incident on July 9, 2020. The attackers deployed ransomware that encrypted or otherwise disabled access to the patient database, though the specific malware variant remained unidentified. This system disruption prevented the data controller from determining the precise number of affected individuals, though initial estimates suggested approximately 10,000 patients had their personal and medical records compromised. The ransomware's operational mechanisms weren't detailed in the KVKK announcement, nor was there confirmation about whether the attackers exfiltrated data beyond encrypting the systems.

The attack rendered the patient information system permanently inaccessible to the medical practice, eliminating any possibility of auditing historical records to verify the breach's full scope. KVKK's notification emphasized the irreversible nature of the system compromise while refraining from commenting on potential data restoration prospects or whether the practice paid any ransom demands. No patient notification efforts were described in available reports, and the authority's statement provided no details about containment measures implemented post-discovery. The incident's primary documented impact centered on the complete operational disruption of medical record systems and the confirmed exposure of sensitive health data belonging to thousands of patients. Ongoing technical challenges prevented investigators from establishing whether the attackers maintained persistent access to the practice's network after the initial encryption event.