
Cyber Incident Victim: Faben Obstetrics and Gynecology

Date: Nov 2018

Location: United States of America

Summary

A Florida-based obstetrics and gynecology practice experienced a ransomware attack involving GandCrab malware. The practice detected the infection rapidly and mitigated it by deleting infected files and restoring from backups. Not all files were recoverable because the backups were incomplete, which particularly affected manually scanned patient documents such as lab reports. The incident resulted in unauthorized access to protected health information, prompting notifications to over 6,000 affected patients and reporting to federal health authorities.

Description

On November 21, 2018, Faben Obstetrics and Gynecology (FABEN OB/GYN), a medical practice in Florida, experienced a ransomware attack involving the GandCrab variant. The infection was detected rapidly by the organization, though the specific intrusion method or initial attack vector was not publicly disclosed. In response to the encryption of files, Faben implemented containment measures by deleting the compromised data and restoring systems from backup repositories. This restoration process revealed gaps in their backup coverage, as manually scanned patient documents—such as externally provided lab results or medical reports—were not included in the preserved backups. The practice did not confirm whether it attempted file decryption or engaged with threat actors regarding ransom demands.

The incident potentially exposed personal health information from manually scanned records that could not be recovered through backups. Faben formally reported the breach to the U.S. Department of Health and Human Services (HHS), indicating 6,092 affected patients. Patient notifications commenced by January 14, 2019, though the notification did not specify whether data exfiltration occurred prior to encryption. While a free decryption tool for certain GandCrab versions existed by early November 2018, Faben did not disclose whether their infection involved a decryptable variant or whether they used the available tools. The ransomware’s impact centered on operational disruption during restoration and permanent loss of patient records that were not backed up, with no additional details provided regarding financial losses, legal actions, or long-term recovery measures beyond the initial response.
