Watson Clinic

Watson Clinic, a Lakeland-based healthcare provider, suffered a ransomware attack in January 2024, exposing the personally identifiable information (PII) of over 280,000 patients. The compromised data included names, addresses, birthdates, Social Security numbers, driver’s license numbers, financial account details, and medical records, stored unencrypted in an internet-accessible environment. The DonutLeaks ransomware group claimed responsibility, threatening to publish the stolen data after Watson Clinic allegedly ignored a ransom demand. The breach was discovered on February 6, 2024, but public disclosure was delayed until April 2024, with notifications to patients and state Attorneys General occurring months later. The clinic faced a class-action lawsuit (filed in September 2024) for failing to secure patient data, leading to a $10 million settlement fund to compensate affected individuals for identity theft risks, financial harm, and potential dark web exposure of sensitive images. Payments range from $100 to $75,000, depending on the severity of data exposure.

Source: https://www.theledger.com/story/news/healthcare/2025/11/22/watson-clinic-lakeland-florida-creates-10-million-fund-to-settle-data-breach-lawsuit/87393222007/

Watson Clinic LLP cybersecurity rating report: https://www.rankiteo.com/company/watson-clinic

"id": "WAT2232122112225",
"linkid": "watson-clinic",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '280,278 patients',
                        'industry': 'healthcare',
                        'location': 'Lakeland, Florida, USA',
                        'name': 'Watson Clinic',
                        'type': 'healthcare provider'}],
 'attack_vector': 'unauthorized network access (likely via exposed '
                  'internet-facing systems)',
 'customer_advisories': ['patients informed of eligibility for payments '
                         '($100–$75,000 based on data exposure)',
                         'deadline for claims: February 5, 2026',
                         'opt-out deadline for separate lawsuits: January 6, '
                         '2026'],
 'data_breach': {'data_encryption': 'no (data was stored unencrypted)',
                 'data_exfiltration': True,
                 'number_of_records_exposed': '280,278',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes SSN, driver’s license, '
                                        'medical info, financial data, and '
                                        'sensitive images)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'protected health information '
                                              '(PHI)',
                                              'financial account information',
                                              'digital images (some published '
                                              'on dark web)']},
 'date_detected': '2024-02-06',
 'date_publicly_disclosed': '2024-04-26',
 'description': 'Watson Clinic, a Lakeland-based healthcare provider, suffered '
                'a ransomware attack in January 2024, exposing the personal '
                'and medical data of over 280,000 patients. The DonutLeaks '
                'ransomware group claimed responsibility and threatened to '
                'publish the stolen data after Watson Clinic allegedly failed '
                'to respond to a ransom demand. The breach led to a '
                'class-action lawsuit, resulting in a $10 million settlement '
                'fund for affected patients, with payments ranging from $100 '
                'to $75,000 based on the sensitivity of exposed data. The '
                'clinic stored unencrypted patient data in an '
                'internet-accessible environment until the breach was '
                'discovered on February 6, 2024.',
 'impact': {'brand_reputation_impact': 'significant (class-action lawsuit, '
                                       'public disclosure of negligence)',
            'customer_complaints': True,
            'data_compromised': True,
            'financial_loss': '$10 million (settlement fund)',
            'identity_theft_risk': 'high (lifelong risk alleged in lawsuit)',
            'legal_liabilities': 'class-action lawsuit (Viviani v. Watson '
                                 'Clinic, Middle District of Florida)',
            'payment_information_risk': True,
            'systems_affected': "limited portion of Watson Clinic's network"},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': 'internet-accessible environment '
                                          'with unencrypted data',
                           'high_value_targets': ['patient PII/PHI',
                                                  'financial data',
                                                  'medical images']},
 'investigation_status': 'ongoing (settlement fairness hearing scheduled for '
                         'December 8, 2026)',
 'motivation': 'financial (ransom demand)',
 'post_incident_analysis': {'root_causes': ['failure to encrypt sensitive data',
                                            'insecure storage in '
                                            'internet-accessible systems',
                                            'delayed public disclosure and '
                                            'incomplete transparency (omission '
                                            "of DonutLeaks' threats)"]},
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': 'presumed (amount undisclosed)',
                'ransom_paid': 'no (Watson Clinic did not respond to demand)',
                'ransomware_strain': 'DonutLeaks'},
 'references': [{'source': 'The Ledger (Gary White)'},
                {'source': 'Kroll Settlement Administration',
                 'url': 'https://www.watsondatasettlement.com'},
                {'source': 'U.S. District Court for the Middle District of '
                           'Florida (Case: Viviani v. Watson Clinic)'}],
 'regulatory_compliance': {'legal_actions': ['class-action lawsuit (Viviani v. '
                                             'Watson Clinic, filed September '
                                             '2024)',
                                             '$10 million settlement fund '
                                             '(preliminary approval October '
                                             '2025)'],
                           'regulatory_notifications': ['state Attorneys '
                                                        'General (notified '
                                                        'August 2024)']},
 'response': {'communication_strategy': ['website notice (April 26, 2024, '
                                         'without mentioning DonutLeaks)',
                                         'state Attorneys General '
                                         'notifications (August 2024)',
                                         'patient emails (August 2024)',
                                         'settlement notices via mail (2025)',
                                         'settlement website '
                                         '(www.watsondatasettlement.com)',
                                         'toll-free helpline (833-630-5410)'],
              'incident_response_plan_activated': True},
 'stakeholder_advisories': ['settlement notices mailed to 280,278 patients',
                            'public website for claims '
                            '(www.watsondatasettlement.com)'],
 'threat_actor': 'DonutLeaks ransomware group',
 'title': 'Watson Clinic Ransomware Attack and Data Breach (January 2024)',
 'type': ['ransomware', 'data breach'],
 'vulnerability_exploited': 'unencrypted storage of sensitive data in an '
                            'internet-accessible environment'}