Cyber Incident Victim: American College of Pediatricians
Date:
Apr 2023
Location:
United States of America
Summary
The American College of Pediatricians was targeted in a coordinated cyberattack intended to intimidate and incapacitate the organization. Hackers made unrelenting attempts to access its key technology structures, including website servers, email, social media accounts, and financial systems. While most attacks were repelled, a breach of an archived website and a Google Drive led to the exposure of internal documents. The incident, described as a hate crime, prompted law enforcement involvement and a costly recovery effort.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 24, 2023, the American College of Pediatricians (ACPeds) began experiencing a coordinated and malicious cyberattack. The attack was described as ongoing, professional, and unrelenting, targeting the organization's key technology structures. The hackers' primary objectives were to intimidate and incapacitate the organization. The attack specifically focused on ACPeds' website servers, its email accounts, and its social media accounts. The group's cybersecurity measures were successful in repelling most of these initial intrusion attempts, preventing a wider breach of its core systems.
Despite these defensive efforts, the attackers did achieve a limited breach. An archived website belonging to ACPeds, which had been unused since 2019, was successfully compromised by the hackers. Furthermore, documents stored on a Google Drive associated with the organization were exposed. Upon discovery of the breach, ACPeds staff immediately took action to contain the incident. They moved to shut down the compromised archived website to prevent further unauthorized access and worked to restrict access to the exposed Google Drive documents.
Subsequent to the breach, the stolen internal documents from the Google Drive were leaked to a journalist at Wired magazine. The article published by Wired used these documents in an attempt to damage the organization's reputation. The article prominently referenced the Southern Poverty Law Center's designation of ACPeds as a "hate group" and focused on the organization's positions regarding gender identity and abortion. The timing of the cyberattack and subsequent leak was noted as likely being connected to a recent major legal victory by ACPeds. Just weeks prior, on April 7, 2023, a federal judge had ruled in favor of ACPeds and other plaintiffs in a lawsuit against the Food and Drug Administration regarding its approval of the abortion drug mifepristone.
In response to the attack, Dr. Jill Simons, the Executive Director of ACPeds and a board-certified pediatrician, formally contacted law enforcement agencies, including the Federal Bureau of Investigation (FBI). In a public statement, Dr. Simons characterized the illegal bullying tactics as amounting to a hate crime. She stated that the recovery from the attack would be costly but affirmed that the organization would not be intimidated. In the days following the initial incident, ACPeds staff worked around the clock to implement enhanced security measures and tighten their overall technological infrastructure.
The organization successfully regained control over the breached archived website. However, the cyberattack persisted as an ongoing threat. As of the morning of May 4, 2023, hackers were still making new attempts to gain access to ACPeds' email distribution platform, demonstrating the sustained and determined nature of the assault. The impact of the incident included the exposure of internal documents, some of which contained personal information. The organization also faced reputational damage due to the hostile reporting that followed the leak of these documents.
Dr. Simons, in her first interview following the attack, stated that the coordinated assault was intended to target several key structures including the group's databases and its financial accounts. She connected the attack to a broader pattern of hostility towards pro-life institutions following the overturning of Roe v. Wade, citing examples such as the vandalism of pregnancy resource centers by the militant group Jane's Revenge. The incident was framed within a context of ideological opposition, with social media posts from the hackers indicating their disdain for ACPeds' scientific positions on gender identity issues.
The primary consequences for ACPeds were operational disruption, financial cost for recovery, and the exposure of sensitive information. The organization, a small nonprofit, acknowledged the challenge of combating sophisticated cyberattacks without an extensive technological infrastructure. Despite these challenges, leadership remained resolute. Dr. Simons declared that the attack had awakened a sleeping giant and that the organization would continue its mission to promote the health and well-being of children, protect biological integrity, and defend conscience rights for healthcare professionals, emerging from the incident stronger than before.