Cyber Incident Victim: Christiana Spine Center

On February 25, 2022, Christiana Spine Center in Newark, Delaware, detected a ransomware attack on its systems. The organization immediately implemented containment measures to halt further unauthorized access and mitigate potential damage. Forensic and cybersecurity experts were engaged to investigate the nature and scope of the breach. The investigation confirmed that unauthorized actors had gained access to files containing sensitive patient information. While the attackers deployed ransomware to encrypt files, the forensic review focused on determining whether data exfiltration occurred. The analysis revealed that accessed files included patient names, addresses, phone numbers, Social Security numbers, health insurance identification numbers, and personal health information. No evidence confirmed the theft or misuse of patient data despite the confirmed system access.

The review process identified approximately 3,500 patients whose protected information resided in the compromised files. Christiana Spine Center notified these individuals about the potential exposure of their data following the completion of the forensic investigation. As a remedial measure, the organization offered affected patients complimentary 12-month memberships to a credit monitoring service. The incident did not result in public data leaks or ransom demands attributed to the attack based on available evidence. Operational recovery efforts proceeded alongside the investigation, though specific technical details about system restoration were not disclosed. Christiana Spine Center maintained that no subsequent misuse of patient information had been detected following the containment of the February 2022 incident.