Date: Jul 2022

Location: United States of America

Summary

Physicians Spine and Rehabilitation Specialists of Georgia experienced a data breach involving unauthorized access to its network, which compromised sensitive patient information including names, addresses, Social Security numbers, driver’s license details, medical diagnoses, treatment records, and insurance data. The organization secured its systems, engaged law enforcement and cybersecurity experts, and confirmed that attackers accessed and exfiltrated files, later threatening to publish the stolen information. Notification letters were sent to affected individuals after determining the scope of impacted data, with federal reports indicating nearly 40,000 people were affected. The incident displayed characteristics consistent with a ransomware attack, where threat actors encrypted data and demanded payment to prevent public release of stolen records.


Description

On July 11, 2022, Physicians’ Spine and Rehabilitation Specialists of Georgia discovered it had been targeted in a cyberattack that occurred the prior week. The unauthorized party gained access to the practice’s computer systems and claimed to have removed sensitive consumer data, threatening to post the stolen information. The Rome-based medical group, specializing in non-surgical pain management treatments, immediately secured its network, notified law enforcement agencies, and engaged an external cybersecurity firm to investigate the breach. Forensic analysis confirmed that attackers accessed files containing protected health information and personally identifiable information. The compromised data included patient names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical diagnoses, treatment details, and insurance information. The practice completed its review of affected files on September 2, 2022, identifying 39,765 impacted individuals as reported to the U.S. Department of Health and Human Services Office for Civil Rights. Data breach notification letters were dispatched that same day, advising victims about the exposure of their sensitive information and recommending protective measures against identity theft. The medical practice did not publicly disclose whether any ransom demands were made or paid during the incident.


Evidence strongly suggests the attack involved ransomware, as hackers encrypted portions of the network and threatened to publish stolen data on the dark web unless undisclosed demands were met. While the practice’s notification letter did not explicitly confirm ransomware deployment, it referenced the attackers’ possession of records and their publication threat—a hallmark of modern ransomware operations. The incident disrupted operations for the 85-employee organization generating approximately $17 million in annual revenue, though the duration of system downtime was not disclosed. Attackers exploited vulnerabilities in the practice’s cybersecurity defenses to install malware that encrypted files and exfiltrated sensitive patient data. The breach exposed patients to heightened risks of medical identity theft, insurance fraud, and financial crimes due to the comprehensive nature of stolen health and identification records. No information was provided regarding whether decryption keys were recovered or if stolen data was subsequently published online. The practice’s response focused on containment through network security measures, third-party forensic investigation, and regulatory compliance through HHS OCR reporting and individual notifications.
