Ransomware Attack on Greater Pittsburgh Orthopaedic Associates by Donut Leaks

Incident Date: May 18, 2024

Greater Pittsburgh Orthopaedic Associates




Cranberry Twp, USA

Pennsylvania, USA

First Reported: May 18, 2024


Victim Overview

Greater Pittsburgh Orthopaedic Associates (GPOA) is a well-established orthopaedic practice in the Pittsburgh area that specializes in orthopaedic care, including surgery, physical therapy, and sports medicine. The company operates multiple offices across the Pittsburgh area and accepts all major insurance plans in Pennsylvania.

Company Size and Standout Features

GPOA is a medium-sized company with multiple office locations and a focus on providing comprehensive orthopaedic care with a minimally-invasive approach. The practice stands out in the industry for offering a wide range of services, including elbow surgery, foot and ankle care, hip and knee replacements, spine surgery, and sports medicine.

Attack Details

GPOA fell victim to a ransomware attack orchestrated by the cybercriminal group known as Donut Leaks. The attackers managed to exfiltrate a significant amount of sensitive data, including between 100,000 and 150,000 scans of ID cards. A sample of the leaked data was made available on the dark web leak site operated by Donut Leaks.

Ransomware Group Overview

Donut Leaks is a relatively new data extortion group that has been linked to recent cyberattacks. The group uses its own customized ransomware for double-extortion attacks and maintains a data storage site where stolen data is kept and can be browsed and downloaded by visitors. Donut Leaks has targeted several high-profile organizations and is known for its double-extortion strategy and for the theatrics in its ransom notes and on its data leak site.

Company Vulnerabilities

GPOA may have been targeted by threat actors due to the sensitive nature of the healthcare data it handles, including patient information and medical records. The company's multiple office locations and acceptance of major insurance plans make it a lucrative target for ransomware groups looking to exfiltrate valuable data for extortion purposes.

