Cyber Incident Victim: Fmchealth
Date:
Aug 2022
Location:
United States of America
Summary
A ransomware group targeted Family Medicine Centers (FMC Clinics) and BSA Hospice of the Southwest, exfiltrating over 272,000 files in a combined data leak after abandoning encryption attempts due to system blocks. The attackers claimed the entities operated as a joint business, citing FMC's network containing BSA Hospice credentials, though initial analysis questioned this connection. Subsequent findings suggested organizational ties between FMC Palliative Care and FMC Clinics, potentially validating the attacker's assertion of a unified system compromise. No official breach disclosures or victim statements were publicly available at the time of reporting, and the incident exposed sensitive data from both healthcare providers through a single unauthorized data dump.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around August 26, 2022, the ransomware group Vice Society listed two Texas-based healthcare entities—BSA Hospice of the Southwest and Family Medicine Centers (FMC Clinics)—as victims on their dedicated leak site. The group released a combined data dump exceeding 272,000 files, commingling data from both organizations. Initial scrutiny revealed files related to BSA Hospice patients within the leak, raising uncertainty about whether both entities were directly compromised or if one attack facilitated access to both. Vice Society asserted the breaches were interconnected, claiming FMC’s network contained credentials and authorizations for BSA Hospice users, which they characterized as evidence of a "joint business." This claim was initially met with skepticism, as healthcare entities often share system access for patient care without formal business integration. No public statements, press releases, or regulatory filings from either organization were identified at the time of the incident. FMC did not respond to repeated inquiries despite acknowledging receipt, and BSA Hospice provided no immediate reply.
Subsequent analysis by a third party (BetterCyber) identified branding similarities between FMC Palliative Care and FMC Family Medicine Centers, suggesting organizational ties that supported Vice Society’s assertion of a unified network. The attackers confirmed they attempted but failed to encrypt the systems due to being blocked, opting instead to exfiltrate data without deploying ransomware. The leak contained sensitive patient information, though neither the exact data types nor the number of affected individuals were disclosed in available sources. No containment actions, remediation efforts, or victim communications were documented in the immediate aftermath. Regulatory notifications to the U.S. Department of Health and Human Services or the Texas Attorney General’s office had not been publicly reported as of the article’s publication date. The incident underscored operational ambiguities in attributing breaches across affiliated healthcare providers and highlighted the group’s adaptability in pivoting to pure data theft when encryption was thwarted.