DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Indiana orthopedics practice becomes a victim of a ransomware attack

Posted on October 21, 2021 by Dissent

I hate to see medical entities become victims of ransomware attacks, but if they do, then I’m glad to see them promptly alert patients to any problems.

Central Indiana Orthopedics is a positive example of prompt alerting. The following notice appears on their web site:

IMPORTANT ANNOUNCEMENT: We regret to inform you that Central Indiana Orthopedics experienced an organization-wide network interruption on October 16, 2021. Out of an abundance of caution, we have taken all of our systems offline to ensure they are clean prior to restoring our network from backups. We have also engaged a third party specialized cybersecurity team of experts to assist with restoration in addition to conducting an investigation to determine how this incident occurred and the overall impact on our information systems. We are working diligently to continue treating scheduled and walk-in patients and we apologize for any inconvenience this may cause. We will provide you with more information as it becomes available.

Yesterday, threat actors known as “Grief” added Central Indiana Orthopedics to their dark web leak site.  As is their practice, the threat actors also provided proof of claims — some files allegedly exfiltrated from CIO’s system.

Listing on Dark Web Leak Site
CIO was added to the threat actors’ leak site on October 20.

Inspection of the proof of claim files does support the claim that they successfully attacked CIO and exfiltrated at least some patient data.  DataBreaches.net observed laboratory reports from ARIA with drug screen panels on named patients as well as various spread sheets on patient encounters.

Grief does not indicate how much data they claim to have exfiltrated. Nor do they indicate how much of a monetary ransom they have demanded to destroy any data. The fact that Grief has dumped some data generally means that their victim (in this case, CIO) has not agreed to pay their demands. Grief tends to dump more data in installments over time.

This post will be updated as more information becomes available. CIO is probably being advised NOT to pay any extortion demands because, to put it simply, criminals cannot be trusted to keep their word and even if they pinky swear that they will destroy data and never ever misuse it, they may not keep their word. If CIO has usable backups that they can use to recover important files, that may be their focus.

Related posts:

  • VA: Greensville County Public Schools hit by Grief threat actors
  • Ventura Orthopedics hit by ransomware weeks ago; some patient data dumped
  • U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet.
Category: Commentaries and AnalysesHealth DataMalwareU.S.

Post navigation

← Olympus US and Sinclair Broadcast Group hacks tied to sanctioned Russian ransomware group
FIN7 Recruits Talent For Push Into Ransomware →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.