hiveleak attacks NCG Medical

Incident Date:

August 31, 2022

World map



hiveleak attacks NCG Medical


NCG Medical




Orlando, USA

Flordia, USA

First Reported

August 31, 2022

NCG Medical Suffers Ransomware Attack by HiveLeak Group

Company Overview

NCG Medical is a medical billing and coding services company that assists healthcare providers in managing their revenue cycle and enhancing their billing processes. Despite the lack of detailed information on its website regarding the company's size or employee count, it is noted that their team comprises certified coders, MBAs, and CPAs. These professionals collaborate with healthcare providers, integrating with existing EHR or practice management software to streamline operations.

Vulnerabilities and Impact

The HiveLeak ransomware group's attack on NCG Medical underscores the significant risks ransomware poses to the healthcare sector. Such incidents can disrupt healthcare services, lead to the loss of sensitive patient data, and result in substantial financial losses, either from ransom payments or subsequent legal challenges. Specifically, HiveLeak claimed to have encrypted files containing sensitive information for over 50,000 patients, including diagnoses, lab results, and medication details. This breach has compromised NCG Medical's operational capacity, potentially causing delays and disruptions in revenue cycle management for their clients.

Mitigation and Response

Details of NCG Medical's specific responses to the ransomware attack are not publicly disclosed. However, it is critical for healthcare providers to implement comprehensive cybersecurity strategies to defend against such threats. Effective measures include conducting regular software updates and patches, providing cybersecurity training to employees, and maintaining backup systems to reduce data loss impacts. Additionally, having a predefined incident response plan is crucial for quickly addressing and mitigating the effects of cyberattacks, ensuring rapid recovery and continuity of care.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.