Cyber Incident Victim: The Center for Fertility and Gynecology
Date: Jul 2020
Location: United States of America
Summary
The Center for Fertility and Gynecology experienced a ransomware attack involving the Netwalker group, compromising its systems. Threat actors accessed sensitive data, posting screenshots as proof of infiltration while threatening to release information unless payment was received. No public breach notification was issued by the organization at the time of reporting, and attackers had not yet published the stolen data. The incident exposed potential risks to patient confidentiality and operational integrity, though specific data types exfiltrated were not detailed in available sources. This attack occurred alongside similar ransomware incidents affecting other healthcare entities, underscoring broader targeting of medical practices by cybercriminal groups.
Description
The Center for Fertility and Gynecology, a medical practice based in California, experienced a ransomware attack attributed to the Netwalker threat group in mid-2020. The incident occurred alongside attacks on two other healthcare entities—Piedmont Orthopedics/OrthoAtlanta in Georgia and Olympia House Rehab in California—demonstrating a broader targeting of medical providers during this period. Attackers gained unauthorized access to the Center's systems and deployed ransomware to encrypt data, following the typical Netwalker operational pattern of data exfiltration coupled with extortion demands. Evidence suggests the compromise occurred on or around July 11, 2020, based on timestamps observed in related attacks by the same threat actors against other victims.

Netwalker operators publicly claimed responsibility for the breach and provided proof of compromise by posting screenshots of accessed files on their leak site. These screenshots, intended to verify the authenticity of their access, typically displayed directory structures and file metadata without initially releasing full patient records. The threat actors issued an ultimatum demanding payment under threat of publishing the stolen data, though no actual patient records from The Center for Fertility and Gynecology had been dumped publicly as of August 10, 2020. The compromised data likely contained protected health information given the nature of fertility and gynecological services, though specific data categories were not detailed in available reports.

The medical practice did not publish a breach notification on its website following the incident, nor had it responded to media inquiries from DataBreaches.net by the time of reporting. No regulatory filings appeared on the HHS breach portal during the initial disclosure period, leaving the full scope of affected patients unconfirmed through official channels. Operational disruptions to clinical services were not documented in available sources, with the primary confirmed impact being the exfiltration threat and associated reputational risks. The absence of subsequent public data dumps suggests either private resolution between the parties or ongoing negotiations at the time of reporting.
