Cyber Incident Victim: Piedmont Orthopedics
Date: Jul 2020
Location: United States of America
Summary
Piedmont Orthopedics/OrthoAtlanta experienced a ransomware attack by the Pysa (Mespinoza) threat actors, resulting in the exfiltration and public dumping of over 3.5 GB of sensitive data. The compromised information included detailed patient medical records containing names, dates of birth, contact details, diagnoses, surgical histories, laboratory results, cardiograms, and insurance documentation, alongside business-related files. The Atlanta-based orthopedic practice had not issued a public disclosure or notification regarding the breach at the time of reporting, with no response provided to inquiries about the incident. Attackers released the stolen data, demonstrating significant exposure of protected health information without evidence of mitigation efforts by the organization.
Description
In July 2020, Piedmont Orthopedics/OrthoAtlanta, an Atlanta-based orthopedic practice group, experienced a ransomware attack attributed to the Pysa (Mespinoza) threat actors. The attackers exfiltrated over 3.5 GB of data, which they subsequently dumped publicly. Forensic analysis of the leaked files indicated the data theft likely occurred on or around July 11, 2020, based on timestamps within the archived material. The compromised data included extensive business records and highly sensitive patient health information. Exposed medical details encompassed patient names, dates of birth, physical addresses, contact information, specific diagnoses, surgical procedure documentation, laboratory test results, cardiograms, and comprehensive insurance information. The breadth of exposed data constituted a significant exposure of protected health information (PHI), with individual patient records spanning multiple pages of clinical documentation. The attackers' data dump demonstrated systematic access to both administrative systems and medical records, though the exact intrusion vector remained unspecified in available reports.

Piedmont Orthopedics did not publicly acknowledge the breach at the time of initial reporting in August 2020, with no notifications visible on their website or through the U.S. Department of Health and Human Services' breach portal. DataBreaches.net attempted to obtain confirmation and additional details from the organization but received no response prior to publication. This incident occurred within a broader pattern of ransomware targeting Atlanta-area orthopedic providers, following earlier breaches by thedarkoverlord threat group against Athens Orthopedic Clinic and Peachtree Orthopedic in 2016. Concurrently, other U.S. medical facilities faced similar attacks, including The Center for Fertility and Gynecology and Olympia House Rehab in California, both compromised by Netwalker ransomware operators who issued payment demands while threatening data disclosure. The Pysa group's publication of Piedmont's data eliminated any possibility of containing the exposure, leaving affected patients without immediate recourse or official communication regarding the compromise of their sensitive health information.
