
Bolton Street Pediatrics

Primary URL: www[.]boltonstreetpediatrics[.]com
Location (Country): United States of America
Industry: Healthcare
Profile

Bolton Street Pediatrics operates as a healthcare provider in the United States, focusing on pediatric medical services for infants, children, and adolescents. The organization delivers clinical care, managing patient health records and treatment plans within its practice. As a medical entity handling sensitive health information, it falls within a sector increasingly targeted by cybercriminals seeking valuable personal data. The nature of pediatric healthcare involves maintaining detailed medical histories, which include diagnoses, treatment records, and personal identifiers such as Social Security numbers, making such organizations high-value targets for ransomware attacks.

On February 23, 2021, Bolton Street Pediatrics experienced a significant security incident when the Pysa threat actor group launched a ransomware attack against its systems. Pysa exfiltrated confidential patient data prior to encrypting files, compromising the personal and medical information of over 1,000 individuals. The stolen data encompassed medical histories and Social Security numbers, posing substantial privacy and identity theft risks for affected patients. Despite clear evidence of the breach, Bolton Street Pediatrics did not issue a public disclosure or notify the impacted individuals, diverging from common breach response practices in the healthcare industry. This lack of transparency contrasts with the actions of three peer healthcare entities that reported similar incidents to regulators and communicated directly with patients during the same period. Pysa is known to operate a dark web leak site where it publishes stolen data from victims who refuse to pay ransoms or cooperate, and organizations that fail to disclose breaches often see their exfiltrated information released publicly. The incident underscores the challenges faced by healthcare providers in balancing ransom demands, regulatory obligations, and patient trust, while highlighting the persistent threat posed by groups like Pysa to the medical sector's data security.

Incidents
1 incident