Ransomware Attack on Wilmington Surgical Associates Exposed Over 114,000 Patient’s Data

Last October 2020, the NetWalker ransomware gang launched an attack on the Wilmington Surgical Associates surgical center located in North Carolina. Prior to deploying the Netwalker ransomware to do file encryption, the gang stole 13GB of records with sensitive data.

The HHS’ Office for Civil Rights breach portal already posted about the ransomware attack indicating that it has compromised 114,834 patients’ protected health information (PHI).

The NetWalker ransomware gang has conducted more attacks on its healthcare company targets this 2020. It attacked the University of California San Francisco and stole sensitive and valuable research data. The University paid $1.14 million worth of ransom to unlock the encrypted data.

The NetWalker ransomware gang likewise conducted the attacks on these healthcare providers: the Brno University Hospital in the Czech Republic, the Champaign-Urbana Public Health District in Illinois, and the Crozer-Keystone Health System in Philadelphia. It also attacked educational institutions including the Columbia College of Chicago and Michigan State University.

Cybersecurity firm McAfee’s report in August 2020 stated that since March 2020, the NetWalker gang already got at least 29 million of ransom payments. The gang has been  quite successful with its operations doing ransomware-as-a-service.

It was also reported that the group has attacked large, high-value companies this 2020. It even got affiliates to do specialized tasks like attacking firewalls, web app interfaces, Remote Desktop Protocol connections and Virtual Private Networks. These operations were just like other manual ransomware attacks, the attacker stole data before encrypting files. The stolen data of victims that do not pay the ransom are published on darknet websites.

Because the NetWalker ransomware gang’s activities continue to increase, the FBI released an alert last July 2020 to tell healthcare companies, private companies, educational institutions, and government departments to beware of the higher risk of ransomware attacks.