Ransomware Attack on Greater Pittsburgh Orthopaedic Associates by Donut Leaks

Incident Date: May 18, 2024

Attack Overview

VICTIM

Greater Pittsburgh Orthopaedic Associates

INDUSTRY

Healthcare Services

LOCATION

USA

ATTACKER

Donutleaks

FIRST REPORTED

May 18, 2024

Request Removal

Ransomware Attack on Greater Pittsburgh Orthopaedic Associates by Donut Leaks

Victim Overview

A well-established orthopaedic practice in the Pittsburgh area, Greater Pittsburgh Orthopaedic Associates, specializes in orthopedic care, including surgery, physical therapy, and sports medicine. The company operates multiple offices across the Pittsburgh area and accepts all major insurance plans in Pennsylvania.

Company Size and Standout Features

GPOA is a medium-sized company with multiple office locations and a focus on providing comprehensive orthopaedic care with a minimally-invasive approach. The practice stands out in the industry for offering a wide range of services, including elbow surgery, foot and ankle care, hip and knee replacements, spine surgery, and sports medicine.

Attack Details

GPOA fell victim to a ransomware attack orchestrated by the cybercriminal group known as Donut Leaks. The attackers managed to exfiltrate a significant amount of sensitive data, including between 100,000 to 150,000 scans of ID cards. A sample of the leaked data was made available on the dark web leak site operated by Donut Leaks.

Ransomware Group Overview

Donut Leaks is a relatively new data extortion group that has been linked to recent cyberattacks. The group uses its own customized ransomware for double-extortion attacks and maintains a data storage site where stolen data is stored and can be browsed and downloaded by visitors. Donut Leaks has targeted several high-profile organizations and is known for its double-extortion strategy and theatrics in ransom notes and data leak site.

Company Vulnerabilities

The attacked company may have been targeted by threat actors due to the sensitive nature of the healthcare data they handle, including patient information and medical records. The company's multiple office locations and acceptance of major insurance plans make it a lucrative target for ransomware groups looking to exfiltrate valuable data for extortion purposes.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.