Cyber Incident Victim: Alamance Skin Center

On October 21, 2020, Alamance Skin Center, a medical practice operating under Cone Health in Burlington, North Carolina, experienced a ransomware attack. The Greensboro-based health system publicly disclosed the incident, attributing the compromise to either a phishing scam or brute force attack that enabled unauthorized access to their systems. The attackers deployed ransomware following initial network infiltration, though the specific variant and encryption mechanisms remained unspecified in the announcement. Cone Health did not detail whether patient data was exfiltrated or encrypted during the event, nor did they confirm the operational disruption severity at the dermatology practice. The attack targeted a single facility within the larger health network, with no indication of broader Cone Health system compromise at the time of reporting.

Cone Health’s disclosure provided no information regarding detection methods, containment timelines, or recovery procedures implemented post-incident. The organization did not specify whether law enforcement was engaged or if ransom demands were received or paid. Third-party reporting by Andy Warfield via the Triad Business Journal indicated the health system issued its statement within days of the attack’s execution, though exact notification dates to patients or regulators were undisclosed. No patient communications or offers of credit monitoring were referenced in the initial coverage, suggesting potential limitations in immediate impact assessment. The attack represented a localized cybersecurity event within Cone Health’s network of care providers, with investigation and remediation efforts likely managed internally or through contracted incident response teams based on standard healthcare sector protocols.