Cyber Incident Victim: Wilmington Surgical Associates
Date:
Oct 2020
Location:
United States of America
Summary
Wilmington Surgical, a North Carolina-based healthcare provider, experienced a ransomware attack by the NetWalker group, resulting in unauthorized access to their systems and potential exposure of sensitive patient information. The attackers publicly listed the organization on their dedicated leak site, displaying directory screenshots of the compromised files, though specific data contents were not detailed in available reports. Despite multiple inquiries from cybersecurity researchers, the entity did not publicly acknowledge the incident or provide notifications through official channels, including their website or regulatory platforms, leaving the full scope of impacted individuals and data types unverified at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around October 21, 2020, NetWalker ransomware operators added Wilmington Surgical, a North Carolina-based surgical group, to their dedicated leak site. The threat actors posted screenshots displaying directories of files from the group's systems as proof of access, though the specific contents of these files were not detailed in the publicly visible evidence. This incident followed NetWalker's established pattern of exfiltrating data before encrypting victims' systems and using dedicated leak sites to pressure organizations into paying ransom demands. DataBreaches.net contacted Wilmington Surgical on October 21, 2020, seeking information about the incident and their response measures, but received no reply. A follow-up inquiry on November 4, 2020, also yielded no response from the practice. As of the publication date of the source material (November 8, 2020), no breach notification appeared on Wilmington Surgical's website, nor was there any entry on the U.S. Department of Health and Human Services' public breach portal. State attorney general websites that publish breach reports similarly contained no filings related to this incident during the observation period.
The absence of public disclosures left the scope and nature of compromised data unclear, though NetWalker's historical attacks on healthcare entities typically involved patient information. Other NetWalker victims listed in the same timeframe, such as Olympia House and The Center for Fertility and Gynecology, had confirmed patient data exposures including names, admission dates, and health insurance details. Wilmington Surgical's lack of communication prevented independent verification of whether protected health information (PHI) or personally identifiable information (PII) was exfiltrated. Operational impacts on the surgical group's services were not publicly documented. The incident occurred amid heightened ransomware activity targeting healthcare providers during the COVID-19 pandemic, with NetWalker specifically cited in a September 24, 2020, HHS cybersecurity alert warning about increased attacks on the sector. No further details regarding containment efforts, forensic investigations, or patient notifications were available through official channels or subsequent updates in the source material.