Cyber Incident Victim: Austin Cancer Centers
Date: Jul 2021
Location: United States of America
Summary
Austin Cancer Centers experienced a ransomware attack that disrupted operations and forced a two-week system shutdown, during which staff maintained patient care manually. The breach compromised personal and medical data (including names, Social Security numbers, diagnoses, insurance details, and lab results) for over 36,000 patients; a limited number of patients who had mailed credit card information also had that information exposed. Mitigation services were offered via Equifax, and no evidence of data misuse was identified. The intrusion reportedly leveraged sophisticated evasion techniques during system access.
Description
On July 21, 2021, Central Texas Medical Specialists PLLC, operating as Austin Cancer Centers (ACC), experienced a ransomware attack that compromised their systems. The intrusion remained undetected until August 4, 2021, when ACC discovered the breach and immediately shut down all technology systems while contacting law enforcement. Forensic investigators determined the attacker used what ACC described as "sophisticated technology" to maintain stealth within the network, though industry observers noted such claims frequently overstate common intrusion techniques. The investigation required 14 days to fully identify, analyze, and release information about the compromise, during which all technological systems remained offline. This forced ACC staff to manually maintain clinical operations and patient care workflows while systems were incapacitated. The organization publicly disclosed the incident on its website on August 27, 2021, through a security breach FAQ page.

The ransomware attack exposed protected health information of 36,503 patients, with compromised data including full names, addresses, dates of birth, Social Security numbers, medical diagnoses, diagnostic codes, procedural terminology codes, insurance details, lab results, medications, and related treatment information. A limited number of patients who had mailed handwritten credit card information to ACC offices also had payment card details affected. ACC maintained system shutdowns throughout the 14-day forensic investigation period to contain the breach, causing operational disruptions that required manual workarounds for clinical support. The organization began mailing notification letters to affected patients during the week of September 13, 2021, and formally reported the breach to the Maine Attorney General’s Office on September 15, 2021. As remediation, ACC offered affected individuals complimentary credit monitoring and identity protection services through Equifax, while emphasizing continued patient care delivery throughout the manual operations phase.
