Cyber Incident Victim: National Ambulatory Hernia Institute

On September 13, 2018, the National Ambulatory Hernia Institute (NAHI) in California experienced a Gamma ransomware attack that disrupted operations and compromised patient data. The attack encrypted files on NAHI's systems, preventing access to critical medical and administrative records. While the organization did not publicly specify initial detection methods or containment timelines, the incident prompted immediate engagement with cybersecurity professionals to investigate the breach and restore systems. NAHI determined through forensic analysis that unauthorized actors accessed files containing protected health information during the ransomware deployment. The institute did not disclose whether a ransom was paid or the specific attack vector used by the threat actors.

NAHI formally reported the breach to the U.S. Department of Health and Human Services (HHS) on October 5, 2018, confirming that 15,974 patients were affected. Compromised data included patient names, physical addresses, dates of birth, medical histories, and treatment information. Some records also contained Social Security numbers and health insurance details, though the notification did not specify the proportion of records containing these sensitive identifiers. The organization posted a prominent breach notice on its website and mailed individual notifications to affected patients, offering complimentary credit monitoring services through a dedicated response line. NAHI implemented enhanced security measures following the attack and cooperated with law enforcement investigations into the Gamma ransomware operation. Patients were advised to review account statements and credit reports for suspicious activity related to the exposed personal information.