DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Another healthcare database hacked and put up for sale (UPDATED)

Posted on July 9, 2016November 27, 2019 by Dissent

The blackhat using the Twitter handle @tdohack3r (TheDarkOverlord) has put yet another database with patient information up for sale. As with previous hacks, the database contains identity information that could be used for identity theft or fraud. It also contains medical insurance account information and codes related to the type of service.

Listing on dark net for patient database
Listing on dark net for patient database

According to the listing on TheRealDeal Market, the database consists of 23,565 patients’ records. TheDarkOverlord has not yet indicated publicly whether the entity, who is not named in the listing, has been or will be sent a ransom demand, although that has been the hackers’ M.O. so far, it seems.

The database was allegedly “retrieved from an accessible internal network using account credentials that were garnered through the token impersonation of an employee.” As with some other attacks, the hacker(s) claim to have used a RDP 0day that they discovered.

The patient records are in the format:

PatID,FirstName,LastName,Soc,Addr1,Addr2,City,State,Zip,HomePhone,

WorkPhone,Email,LastApptDate,LastVisitType,NextApptDate,NextVisitType,

LastDOS,FollowUpDate,BirthDate,Ins,InsID1,InsID2,RefPhysCode,First,

Last,Title,LastPract,LastBase,LastTotal

From medical codes in the sample data and from a July 1st tweet from TheDarkOverlord with images, DataBreaches.net identified the likely affected organization. Their facility is closed over the weekend, however, so DataBreaches.net has left them an inquiry. DataBreaches.net has also attempted to contact some of the patients, but has received no response as yet.  This will be updated as more information becomes available.

Update 1: Well, someone at the entity who answered the phone yesterday first seemed to acknowledge that they were hacked, and transferred my call to someone else, who claimed she had no idea what I was talking about. So I called back and started again, and ran into “We have no idea what you’re talking about responses.”  Interesting. Either they are in coverup mode or a lot of the employees are clueless.

In any event, it is P&O Care that is the hacked entity. I do hope they issue a statement, although they have ignored a few messages from me. As of yesterday, some of their patients’ data had been dumped on a public paste site, and then there were those pictures…

Related Posts:

  • More details emerge on hacked patient databases up for sale
  • Lording it over the healthcare sector: health…
  • Atlanta orthopedic group investigating whether they…
  • As databases from old hacks appear, they also go up for sale
  • Hacker Selling 68 Million Stolen Dropbox User…

Post navigation

← Twitter login credentials up for sale on dark net
Ukrainian Hacker Hacks Polish Telecom Giant Netia; Leaks Massive Data →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
  • On September 2nd, the U.S. branch of Great Star Industrial Co. disbursed a ransom of 1 million dollars to a ransomware group
  • Former Public School Information Technology Manager Charged with Damaging School’s Computer Network
  • Sellafield nuclear site hacked by groups linked to Russia and China
  • Hackers steal IDF patient records from cyberattack on Israeli hospital (corrected)
  • AlphV claims an attack before even alerting the victim. How will that work out for them? (1)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net