
Cyber Incident Victim: Atlanta Perinatal Associates

Date: Apr 2022

Location: United States of America

Summary

A ransomware group compromised Atlanta Perinatal Associates, exfiltrating and publicly leaking sensitive patient files spanning several years. The stolen data included ultrasound reports containing patient names, birthdates, medical histories, due dates, physician details, and personal health factors like substance use and family histories. Additional compromised records held health insurance information and credit card payment details from patient visits. While personnel and payroll folders appeared largely empty, some payroll-related files were identified in the leak. The attackers claimed full access to the data but did not encrypt systems, focusing instead on data theft and extortion through public exposure of sensitive medical information.


Description

In early April 2022, Atlanta Perinatal Associates, a Georgia-based medical practice specializing in obstetrics, experienced a cybersecurity incident involving unauthorized access to its systems. The ransomware group Vice Society claimed responsibility for the breach, publicly listing the practice on its data leak site on or around May 19, 2022, and simultaneously releasing files allegedly exfiltrated during the attack. Preliminary analysis of the leaked data indicated unauthorized access occurred between 2019 and April 9, 2022, with the attackers targeting patient records rather than core electronic medical record or billing systems. The compromised files primarily consisted of ultrasound reports spanning multiple years, each containing extensive personal and medical details including patient names, dates of birth, unique patient identifiers, expected delivery dates, referring physicians, sonographer notes, medical histories, allergy information, substance use histories, and social/family health factors. Additional compromised records included obstetrics-related clinical documents, health insurance information, and credit card payment details from patients who made in-person payments during visits. While directory structures suggested potential access to personnel and payroll systems, most corresponding folders appeared empty except for isolated payroll and direct deposit files.


The breach exposed highly sensitive reproductive health information without evidence of file encryption, though Vice Society’s operational tactics typically involve both data theft and ransomware deployment. Impacts included the public disclosure of protected health information affecting an unspecified number of patients, with particular risks stemming from exposed credit card data and detailed clinical histories. Ultrasound reports, structured as six-page documents, revealed comprehensive patient profiles that could facilitate identity theft or targeted social engineering. DataBreaches.net attempted to verify incident details through outreach to Atlanta Perinatal Associates via their website contact form and to Vice Society via email, but received no responses from either party. The practice did not publicly acknowledge the incident or disclose containment measures, response timelines, or forensic findings through available sources. The absence of insurance information or Social Security numbers in the ultrasound files potentially limited some financial risks, though the combination of health data with payment details created multifaceted privacy and security concerns for affected individuals.
