DataBreaches.Net


Another healthcare database hacked and put up for sale (UPDATED)

Posted on July 9, 2016 by Dissent

The blackhat using the Twitter handle @tdohack3r (TheDarkOverlord) has put yet another database with patient information up for sale. As with previous hacks, the database contains identity information that could be used for identity theft or fraud. It also contains medical insurance account information and codes related to the type of service.

Listing on dark net for patient database

According to the listing on TheRealDeal Market, the database consists of 23,565 patients’ records. TheDarkOverlord has not yet indicated publicly whether the entity, which is not named in the listing, has been or will be sent a ransom demand, although that has been the hackers’ M.O. so far, it seems.

The database was allegedly “retrieved from an accessible internal network using account credentials that were garnered through the token impersonation of an employee.” As with some other attacks, the hacker(s) claim to have used an RDP 0day that they discovered.

The patient records are in the format:

PatID,FirstName,LastName,Soc,Addr1,Addr2,City,State,Zip,HomePhone,
WorkPhone,Email,LastApptDate,LastVisitType,NextApptDate,NextVisitType,
LastDOS,FollowUpDate,BirthDate,Ins,InsID1,InsID2,RefPhysCode,First,
Last,Title,LastPract,LastBase,LastTotal

From medical codes in the sample data and from a July 1st tweet from TheDarkOverlord with images, DataBreaches.net identified the likely affected organization. Their facility is closed over the weekend, however, so DataBreaches.net has left them an inquiry. DataBreaches.net has also attempted to contact some of the patients, but has received no response as yet. This will be updated as more information becomes available.

Update 1: Well, someone at the entity who answered the phone yesterday first seemed to acknowledge that they were hacked, and transferred my call to someone else, who claimed she had no idea what I was talking about. So I called back and started again, and ran into “We have no idea what you’re talking about” responses. Interesting. Either they are in coverup mode or a lot of the employees are clueless.

In any event, it is P&O Care that is the hacked entity. I do hope they issue a statement, although they have ignored a few messages from me. As of yesterday, some of their patients’ data had been dumped on a public paste site, and then there were those pictures…
