August 2, 2016 by

Hackers Steal Thousands of Ohio Health System Records

 A hacker has made the claim of stealing over one hundred thousand internal documents from a healthcare system based in Ohio. Many of those include personal health information on patients.

In a Twitter post, a hacker purportedly based out of Ukraine has uploaded over 156 GB of data to a Google Drive from Gahanna, Ohio-based Central Ohio Urology Group. The group is owned by the Mount Carmel Health System, the second-largest healthcare system in Ohio, as reported by ZDNet.

In the post, the hacker claims that to have carried out an attack with a screenshot that shows a couple of dozen patient names and addresses, dates of birth as well as diagnoses.

Security researcher Lee Johnstone was able to comb through the data to reveal that the breach was a dump of the document manager system. In it, some 46,000 word documents, along with nearly 55,000 PDF documents were found.

Other files included system files, executables and other applications and programs directly related to healthcare and center management.

Notably, while the hackers’ screenshot embedded in the tweet displayed a number of patients’ personal health records, most of the files discovered in the breach were internal documents. However, some of the documents were filled-in health reimbursements as well as insurance-related files. Among these files, many related directly to billing and revealed amounts that were paid and due.

In a private message via Twitter, the handler behind the username @PravSector claimed that his hack was for political purposes.

He told the publication:

“I personally witnessed in Kherson as instructors injections to our volunteers and 14 people died later. Some were strange convulsions before death.”

“We are people, and we want to live.”

The attacker claims to have attacked Central Ohio Urology Group with an SQLinjection, a form of attack frequently used to target outdated systems.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Steve Gravely on the WannaCry Ransomware Attack and What it Means to the Healthcare Industry

Steve Gravely focuses his practice in the areas of health law, information privacy and cybersecurity...

Read more arrow_forward

Ransomware and HIPAA- What You Need to Know to Stay Secure

Ransomware attacks have continued to steadily increase over the past couple of years. According to a...

Read more arrow_forward