Cyber Incident Victim: Women’s Health Care Group of PA

Date: Jan 2017

Location: United States of America

Summary

A ransomware attack at Women’s Health Care Group of PA encrypted files on a server and workstation, potentially exposing sensitive patient information including names, Social Security numbers, lab results, and insurance details for approximately 300,000 individuals. The organization restored affected systems from backups without operational disruption, confirmed no financial data was compromised, and provided credit monitoring while initiating security protocol reviews with forensic experts and law enforcement involvement.

Description

On May 16, 2017, the Women’s Health Care Group of Pennsylvania (WHCGPA), an obstetrician/gynecology practice based in Oaks, Philadelphia, discovered a ransomware infection affecting one server and one workstation at a practice location. The malware was designed to block access to system files through encryption. IT staff immediately isolated the compromised devices from the network and initiated an internal investigation with assistance from computer forensics experts. Subsequent forensic analysis determined the system had been infected as early as January 2017, with attackers exploiting a security vulnerability to implant the ransomware. The FBI was later notified of the intrusion. The breached server contained limited patient data including names, addresses, dates of birth, Social Security numbers, lab test orders and results, telephone numbers, gender, pregnancy status, medical record numbers, blood type, race, employer details, insurance information, diagnoses, and treating physicians’ names. Financial data and driver’s license information were not stored on the affected systems and remained uncompromised.

WHCGPA restored encrypted files using backup servers, preventing operational disruption or permanent data loss. The organization determined approximately 300,000 individuals were impacted, making this the second-largest health data breach involving ransomware at the time. On July 15, 2017, WHCGPA reported the incident to the Department of Health and Human Services as required under HIPAA, publicly disclosing the breach via its website on July 18. Affected patients were offered one year of complimentary credit monitoring services. WHCGPA concurrently launched a comprehensive review of its information security protocols and practices to strengthen defenses against future attacks. No evidence suggested misuse of patient data, though the incident exposed sensitive health information through a four-month undetected network presence prior to containment.
