Federal prosecutors in the U.S. accused a trio—including Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator—of deploying **BlackCat (ALPHV) ransomware** against this Tampa-based medical device firm in **May 2023**. The attackers infiltrated the company’s network, exfiltrated sensitive data, and encrypted systems, demanding a **$10 million ransom**. While negotiations reduced the payment, the company ultimately transferred **$1.274 million in cryptocurrency** to regain access to its systems and prevent further data leaks. The attack disrupted operations, risked exposure of proprietary medical device designs, and compromised internal employee and customer data—including potentially **health records, financial details, and intellectual property**. The incident forced the company to engage in costly incident response, legal consultations, and system recovery efforts. The FBI’s investigation later revealed that one of the perpetrators (Goldberg) was a **cybersecurity incident response manager** at Sygnia, exploiting insider knowledge to facilitate the attack. The breach not only caused **financial losses** but also **reputational damage**, as the company’s failure to prevent the attack eroded trust among partners and clients. The case remains under legal scrutiny, with two defendants facing up to **50 years in prison** if convicted.
Source: https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html
TPRM report: https://www.rankiteo.com/company/boston-scientific
"id": "bos5595255110425",
"linkid": "boston-scientific",
"type": "Ransomware",
"date": "5/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'healthcare/medical devices',
'location': 'Tampa, Florida, U.S.',
'name': 'Medical Device Company (Tampa, Florida)',
'type': 'private'},
{'industry': 'pharmaceuticals',
'location': 'Maryland, U.S.',
'name': 'Pharmaceutical Company (Maryland)',
'type': 'private'},
{'industry': 'healthcare',
'location': 'California, U.S.',
'name': "Doctor's Office (California)",
'type': 'private'},
{'industry': 'engineering',
'location': 'California, U.S.',
'name': 'Engineering Company (California)',
'type': 'private'},
{'industry': 'aerospace/defense',
'location': 'Virginia, U.S.',
'name': 'Drone Manufacturer (Virginia)',
'type': 'private'}],
'attack_vector': ['malicious insider',
'unauthorized network access',
'ransomware deployment (BlackCat/ALPHV)'],
'data_breach': {'data_encryption': True, 'data_exfiltration': True},
'date_publicly_disclosed': '2025-07-00',
'description': 'Federal prosecutors in the U.S. accused Ryan Clifford '
'Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator '
'(all U.S. nationals based in Florida) of hacking five U.S. '
'companies using BlackCat ransomware between May and November '
'2023. The trio, employed in cybersecurity and ransomware '
'negotiation roles, allegedly exploited their positions to '
'conduct attacks, extort ransoms (with one confirmed payment '
'of ~$1.274M), and split proceeds. Charges include conspiracy, '
'extortion, and intentional damage to protected computers, '
'carrying potential penalties of up to 50 years in federal '
'prison.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'financial_loss': {'doctor_office': '$5,000,000 (demanded, unpaid)',
'drone_manufacturer': '$300,000 (demanded, '
'unpaid)',
'engineering_company': '$1,000,000 (demanded, '
'unpaid)',
'medical_device_company': '$1,274,000 (paid '
'ransom)',
'pharmaceutical_company': 'unspecified '
'(demanded, unpaid)'},
'legal_liabilities': ['potential 50-year federal prison sentences',
'ongoing FBI investigation into DigitalMint '
'employee'],
'operational_impact': True,
'systems_affected': True},
'initial_access_broker': {'entry_point': ['malicious insider access '
'(Goldberg: Sygnia; Martin: '
'DigitalMint)'],
'high_value_targets': ['healthcare (2), '
'engineering, aerospace, '
'pharmaceuticals']},
'investigation_status': 'ongoing (FBI investigation into DigitalMint employee '
'as of July 2025)',
'motivation': ['financial gain', 'personal debt (Goldberg)', 'enrichment'],
'post_incident_analysis': {'root_causes': ['insider threat abuse of '
'privileged roles',
'lack of oversight for '
'cybersecurity personnel',
'financial motivations']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': ['$10,000,000 (medical device company, May '
'2023)',
"$5,000,000 (doctor's office, July 2023)",
'$1,000,000 (engineering company, October '
'2023)',
'$300,000 (drone manufacturer, November '
'2023)',
'unspecified (pharmaceutical company, May '
'2023)'],
'ransom_paid': '$1,274,000 (medical device company, May 2023)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'references': [{'date_accessed': '2025-07-00', 'source': 'Chicago Sun-Times'},
{'date_accessed': '2025-07-00', 'source': 'Bloomberg'},
{'date_accessed': '2025-07-00',
'source': 'U.S. Federal Indictment Documents'}],
'regulatory_compliance': {'legal_actions': ['indictments for conspiracy, '
'extortion, and computer damage',
'potential 50-year prison '
'sentences']},
'response': {'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['FBI',
"Sygnia (Goldberg's former employer)",
"DigitalMint (Martin's former "
'employer)']},
'threat_actor': ['Ryan Clifford Goldberg',
'Kevin Tyler Martin',
'Co-Conspirator 1 (unnamed)'],
'title': 'BlackCat (ALPHV) Ransomware Attacks on Five U.S. Companies by '
'Insider Threat Actors (2023)',
'type': ['ransomware', 'insider threat', 'data breach', 'extortion']}