Sermo: Social network for doctors Sermo breached by ransomware attack


Sermo Data Breach Exposes 2,674 Individuals to SSN Leak in March 2024 Ransomware Attack

Sermo, a social network for physicians, confirmed a March 2024 data breach affecting 2,674 individuals after their Social Security numbers were exposed. The ransomware group Black Basta claimed responsibility for the attack in April 2024, alleging it stole 700 GB of data from the company. A second group, Medusa, later asserted it had also breached Sermo in July 2025, demanding a $500,000 ransom, though Sermo did not acknowledge this claim.

According to Sermo’s breach notice, the incident began with a power outage at its Denmark data center on April 10, 2024, later identified as a ransomware attack. Unauthorized access occurred between March 19 and April 10, 2024, with Black Basta posting stolen data on its leak site on April 17, 2024. Delays in disclosure were attributed to difficulties retrieving the data, as Black Basta’s site was slow and unstable; Sermo only completed the download in September 2024 after months of failed attempts. The group’s leak site was taken down on January 27, 2025, removing public access to the stolen data.

In response, Sermo is offering affected individuals 12 months of free credit monitoring and identity theft restoration through Kroll.

Black Basta, a ransomware-as-a-service (RaaS) operation active since early 2022, was known for double extortion, demanding payment both to decrypt systems and to prevent data leaks. The group was disrupted by law enforcement in 2025, though some of its breaches, like Sermo’s, are only now coming to light. Prior to its shutdown, Black Basta claimed 173 confirmed attacks since 2022, exposing nearly 12 million people’s data. Other major healthcare-related breaches included Ascension (5.6 million affected) and Numotion (700,000 affected).

The incident reflects broader risks in the healthcare sector, where ransomware attacks can disrupt critical systems and expose sensitive patient data. In 2024, researchers tracked 32 confirmed ransomware attacks on healthcare-related businesses, compromising over 196 million records. While 2025 saw fewer incidents (27 attacks), they still exposed 5.9 million individuals’ data. Recent examples include MedRevenu (December 2024, BianLian) and MTI America (September 2025, Sinobi).

Sermo, which serves over 1 million verified physicians, facilitates medical discussions, drug ratings, and paid surveys. The breach underscores the persistent threat ransomware poses to healthcare infrastructure and patient privacy.

Source: https://www.comparitech.com/news/social-network-for-doctors-sermo-breached-by-ransomware-attack/

Sermo cybersecurity rating report: https://www.rankiteo.com/company/worldone

"id": "WOR1770746319",
"linkid": "worldone",
"type": "Ransomware",
"date": "3/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '2,674 individuals',
                        'industry': 'Healthcare/Technology',
                        'location': 'Denmark (data center)',
                        'name': 'Sermo',
                        'size': 'Over 1 million verified physicians',
                        'type': 'Social Network for Physicians'}],
 'attack_vector': 'Power outage exploited for unauthorized access',
 'customer_advisories': '12 months of free credit monitoring and identity '
                        'theft restoration through Kroll.',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes (700 GB)',
                 'number_of_records_exposed': '2,674 individuals',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (SSN, medical discussions)',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Personally identifiable '
                                              'information']},
 'date_detected': '2024-04-10',
 'date_publicly_disclosed': '2024-09',
 'description': 'Sermo, a social network for physicians, confirmed a March '
                '2024 data breach affecting 2,674 individuals after their '
                'Social Security numbers were exposed. The ransomware group '
                'Black Basta claimed responsibility for the attack in April '
                '2024, alleging it stole 700 GB of data from the company. A '
                'second group, Medusa, later asserted it had also breached '
                'Sermo in July 2025, demanding a $500,000 ransom though Sermo '
                'did not acknowledge this claim.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': '700 GB',
            'identity_theft_risk': 'Yes (SSN exposure)',
            'operational_impact': 'Disrupted data center operations'},
 'initial_access_broker': {'entry_point': 'Power outage at Denmark data '
                                          'center'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Persistent ransomware threats to healthcare '
                    'infrastructure and patient privacy; delays in data breach '
                    'disclosure due to unstable threat actor infrastructure.',
 'motivation': ['Financial gain', 'Data exfiltration'],
 'post_incident_analysis': {'corrective_actions': 'Credit monitoring for '
                                                  'affected individuals; '
                                                  'potential improvements in '
                                                  'incident response and data '
                                                  'protection.',
                            'root_causes': 'Exploitation of power outage for '
                                           'unauthorized access; delayed '
                                           'detection and response.'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': ['$500,000 (Medusa)',
                                    'Unknown (Black Basta)'],
                'ransomware_strain': ['Black Basta', 'Medusa']},
 'recommendations': 'Enhanced monitoring, network segmentation, and proactive '
                    'incident response planning to mitigate ransomware risks.',
 'references': [{'source': 'Sermo Breach Notice'},
                {'date_accessed': '2024-04-17',
                 'source': 'Black Basta Leak Site'}],
 'response': {'communication_strategy': 'Breach notice disclosure',
              'remediation_measures': '12 months of free credit monitoring and '
                                      'identity theft restoration',
              'third_party_assistance': 'Kroll (credit monitoring and identity '
                                        'theft restoration)'},
 'threat_actor': ['Black Basta', 'Medusa'],
 'title': 'Sermo Data Breach Exposes 2,674 Individuals to SSN Leak in March '
          '2024 Ransomware Attack',
 'type': 'Ransomware Attack'}