Three more medical practices hit by ransomware

Atlanta does not seem to be a safe place for cybersecurity of orthopedic patients’ data. In 2016, orthopedic clinics in Atlanta got clobbered by two big breaches involving thedarkoverlord. The first was a hack and extortion demand on Athens Orthopedic Clinic, an organization that had more than a dozen locations but somehow didn’t have enough insurance to offer their patients any complimentary credit monitoring services. We also learned about a second hack and extortion attempt by thedarkoverlord against Peachtree Orthopedic, who after initially (and falsely) claiming that I had my facts all wrong, finally disclosed their breach, only to have more than 500,000 patients’ data dumped by thedarkoverlord shortly thereafter.

Now another chain of Atlanta orthopedic centers has been hit by threat actors. This time, it is Piedmont Orthopedics / OrthoAtlanta that has been hit, and by Pysa (Mespinoza) threat actors.

Pysa threat actors list their “partners,” as they call their victims.

The threat actors have already dumped more than 3.5 GB of data. Much of it is information about rentals and business aspects, but looking through the files, I found a number of highly detailed medical records on patients that include their name, date of birth, address and contact information, diagnosis, surgical details, laboratory tests, cardiograms, and insurance information — pages and pages of protected health information. The files may have been exfiltrated on July 11, looking at the time-stamps in the dumped archive.

There is no notice on the medical group’s website and nothing on HHS’s public breach tool at this time. I sought a statement and additional details from the medical group but did not get a reply by publication time. This post will be updated if a reply is received.

But Piedmont Orthopedics / OrthoAtlanta is not the only medical group to have been hit recently by ransomware. The Center for Fertility and Gynecology in California and Olympia House Rehab, also in California, have both been recently hit by Netwalker ransomware. Neither one of those latter entities has any notice on their web sites, and the attackers have not yet dumped any of their data, although they have posted some screenshots as proof of access and are threatening to dump data soon if their victims don’t pay up. I also reached out to the Netwalker victims for additional details and any statement, but also received no reply from them by publication time.


About the author: Dissent
