Atlanta orthopedic group investigating whether they are TheDarkOverlord’s victim

On Sunday, reported on healthcare databases that are up for sale on the darknet in the RealDealMarket. The seller is “TheDarkOverlord,” who provided descriptions of the databases and samples, but did not name the victim entities. In a number of encrypted chats with the hacker since then, obtained additional information about the identity of the entity and emails sent to them.

Several days ago, reached out to the Athens Orthopedic Clinic in Atlanta after some investigating by this journalist and Justin Shafer suggested that AOC might be the victim identified as Healthcare Database (397,000 Patients) from Atlanta, Georgia. provided AOC with some of the sample data as well as information derived from lightly redacted screenshots TheDarkOverlord had provided to this blogger (some of which were subsequently redacted more and included in my reporting for the Daily Dot).

At this time, I am not going to be specific about all the evidence/indicators I sent AOC, but today, received a statement from them:

“In the last 48 hours, we were made aware of a potential data breach relating to our online patient records. Today, we also received an email requesting that we comply with the hacker’s request (which has been published in various forms online.) We take the privacy of our patients very seriously, as well as the laws that guide patient privacy, and we are investigating what may have happened through the proper channels. When we have more information to share with you and your readers, we will be in touch.”
Kayo Elliott, CEO, Athens Orthopedic Center asked them to clarify whether the email requesting compliance with the hacker’s request came from the alleged hacker (TheDarkOverlord) or another party. A spokesperson replied that, “The email sender did not identify him or herself as the hacker.”

AOC’s response appears inconsistent with TheDarkOverlord’s previous statements to this blogger and other journalists that the entities whose databases were up for sale are those who had not paid ransom demands. From AOC’s statement today, it might appear that AOC had no idea of anything until contacted them two days ago. But if they had previously received – and read – a ransom demand, they should have known already. was able to contact TheDarkOverlord and asked for a response to AOC’s statement. He (they) acknowledged that they had sent a reminder email about the ransom earlier today, and that they had made it clear in the email that they were the hackers. They also disputed AOC’s statement that they first became aware of the breach 48 hours ago.

For now, is going to leave it there, but other than noting that we are convinced that AOC is the entity tied to the exposed database, I would note that  TheDarkOverlord was asked if he/they would provide this blogger with some proof that AOC had been aware of the breach before two days ago. If and when such proof is provided, will report on it. Any suggestion or possibility that AOC knew about this before this week and may have ignored it – or worse, tried to cover it up – is certainly a troubling one.

In the meantime, TheDarkOverlord informed that he intends to release another database today from a major Atlanta sports team.


About the author: Dissent

2 comments to “Atlanta orthopedic group investigating whether they are TheDarkOverlord’s victim”

You can leave a reply or Trackback this post.
  1. Jordana Ari - June 29, 2016

    What are the authorities doing to to stop thedarkoverlord?!?!?? This is getting so f$%ked up insane already.

    • Justin Shafer - June 29, 2016

      How? The onion network? I heard you have to stay online for a LONG time for them to be able to out your ip address, and for all you know he has Tor ran through another computer, and more networks. Not easy to catch a guy like this, technologically speaking.

Comments are closed.