Cyber Incident Victim: Taylor Made Diagnostics

Date: Dec 2020

Location: United States of America

Summary

Taylor Made Diagnostics, an occupational health services provider, suffered a ransomware attack by Conti threat actors resulting in unauthorized access and exfiltration of sensitive patient data. Compromised information included names, addresses, dates of birth, Social Security numbers, driver's license images, medical histories, and lab results, with filenames containing identifiable patient details. The attackers leaked unencrypted files containing protected health information to pressure the organization into negotiations, though the victim did not publicly acknowledge or respond to inquiries about the incident.

Description

In December 2020, Taylor Made Diagnostics (TMD), an occupational health services provider based in Newport News, Virginia, was compromised by the Conti ransomware group. The threat actors exfiltrated and publicly disclosed unencrypted patient files containing protected health information (PHI) to pressure the organization into negotiations. Founded in 1995 by registered nurse Carolyn Taylor, TMD operated clinics offering drug testing, fitness evaluations, vaccinations, and other occupational health services in Virginia’s Hampton Roads region. Conti uploaded over a dozen files to their leak site, revealing extensive personal and medical data on individuals referred for evaluations by clients, including U.S. Coast Guard applicants. The compromised records included full names, addresses, dates of birth, phone numbers, partial and full Social Security numbers, driver’s license images, medical histories, lab results, and fitness assessment details. Files spanned 20–30 pages per individual, with filenames structured to include patients’ last names, first initials, and dates of birth, further exposing identifiable information. DataBreaches.net confirmed the authenticity of the leaked data through direct review but received no response from TMD regarding the breach or Conti’s claims despite multiple inquiries.

The incident exposed highly sensitive PHI with long-term risks for identity theft and fraud, particularly as records included government-related fitness evaluations. While the unstructured format of the dumped files (forms and documents rather than databases) complicated immediate misuse, the inclusion of Social Security numbers, insurance details, and diagnostic information created significant privacy risks. Conti’s data release appeared strategically timed to escalate pressure on TMD, though the organization’s lack of public acknowledgment left patients uninformed about potential exposure. No containment efforts, forensic details, or system recovery actions were disclosed by TMD. The breach highlighted operational vulnerabilities, as unencrypted PHI was accessible to attackers, and the filename conventions inadvertently revealed patient identifiers. No updates regarding victim notifications or regulatory disclosures were confirmed, leaving the full scope of impacted individuals and remediation measures undocumented in available sources.
