Joslin Diabetes Center

The Washington State Office of the Attorney General disclosed a ransomware attack targeting the Joslin Diabetes Center between February 7, 2020, and May 20, 2020, officially reported on September 18, 2020. The incident compromised sensitive personal and medical data of 1,212 Washington residents, including full names, dates of birth, and medical information. The attack encrypted critical systems, leading to unauthorized access and potential exfiltration of patient records. While the exact operational disruptions remain undisclosed, the exposure of protected health information (PHI) a highly regulated data category under HIPAA poses severe risks, including identity theft, medical fraud, and targeted phishing scams against affected individuals. The breach underscores vulnerabilities in healthcare cybersecurity, particularly against ransomware groups exploiting weak endpoints or unpatched systems. The center likely faced regulatory scrutiny, financial penalties, and reputational damage, compounded by the need for mandatory breach notifications, credit monitoring for victims, and system overhauls to prevent recurrence. Given the nature of the stolen data (medical records), the incident falls under high-severity cyber threats to both patient privacy and organizational trust, with long-term consequences for compliance and operational continuity.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10316

TPRM report: https://www.rankiteo.com/company/joslin-diabetes-center

"id": "jos1043092625",
"linkid": "joslin-diabetes-center",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': '1,212',
                        'industry': 'healthcare',
                        'location': 'Washington, USA',
                        'name': 'Joslin Diabetes Center',
                        'type': 'healthcare provider'}],
 'data_breach': {'number_of_records_exposed': '1,212',
                 'personally_identifiable_information': ['names',
                                                         'full dates of birth'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personal information',
                                              'medical information']},
 'date_publicly_disclosed': '2020-09-18',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Joslin Diabetes Center. The breach, '
                'caused by a ransomware attack between February 7, 2020, and '
                'May 20, 2020, impacted 1,212 Washington residents. '
                'Compromised information included names, full dates of birth, '
                'and medical information.',
 'impact': {'data_compromised': ['names',
                                 'full dates of birth',
                                 'medical information'],
            'identity_theft_risk': 'high'},
 'references': [{'date_accessed': '2020-09-18',
                 'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': 'Joslin Diabetes Center Ransomware Attack and Data Breach (2020)',
 'type': ['ransomware', 'data breach']}