On Sunday, DataBreaches.net reported on healthcare databases that are up for sale on the darknet in the RealDealMarket. The seller is “TheDarkOverlord,” who provided descriptions of the databases and samples, but did not name the victim entities. In a number of encrypted chats with the hacker since then, DataBreaches.net obtained additional information about the identity of the entity and emails sent to them.
Several days ago, DataBreaches.net reached out to the Athens Orthopedic Clinic in Atlanta after some investigating by this journalist and Justin Shafer suggested that AOC might be the victim identified as Healthcare Database (397,000 Patients) from Atlanta, Georgia.
DataBreaches.net provided AOC with some of the sample data as well as information derived from lightly redacted screenshots TheDarkOverlord had provided to this blogger (some of which were subsequently redacted more and included in my reporting for the Daily Dot).
At this time, I am not going to be specific about all the evidence/indicators I sent AOC, but today, DataBreaches.net received a statement from them:
“In the last 48 hours, we were made aware of a potential data breach relating to our online patient records. Today, we also received an email requesting that we comply with the hacker’s request (which has been published in various forms online.) We take the privacy of our patients very seriously, as well as the laws that guide patient privacy, and we are investigating what may have happened through the proper channels. When we have more information to share with you and your readers, we will be in touch.”
Kayo Elliott, CEO, Athens Orthopedic Center
DataBreaches.net asked them to clarify whether the email requesting compliance with the hacker’s request came from the alleged hacker (TheDarkOverlord) or another party. A spokesperson replied that, “The email sender did not identify him or herself as the hacker.”
AOC’s response appears inconsistent with TheDarkOverlord’s previous statements to this blogger and other journalists that the entities whose databases were up for sale are those who had not paid ransom demands. From AOC’s statement today, it might appear that AOC had no idea of anything until DataBreaches.net contacted them two days ago. But if they had previously received – and read – a ransom demand, they should have known already.
DataBreaches.net was able to contact TheDarkOverlord and asked for a response to AOC’s statement. He (they) acknowledged that they had sent a reminder email about the ransom earlier today, and that they had made it clear in the email that they were the hackers. They also disputed AOC’s statement that they first became aware of the breach 48 hours ago.
For now, DataBreaches.net is going to leave it there, but other than noting that we are convinced that AOC is the entity tied to the exposed database, I would note that TheDarkOverlord was asked if he/they would provide this blogger with some proof that AOC had been aware of the breach before two days ago. If and when such proof is provided, DataBreaches.net will report on it. Any suggestion or possibility that AOC knew about this before this week and may have ignored it – or worse, tried to cover it up – is certainly a troubling one.
In the meantime, TheDarkOverlord informed DataBreaches.net that he intends to release another database today from a major Atlanta sports team.