DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Another healthcare database hacked and put up for sale (UPDATED)

Posted on July 9, 2016 by Dissent

The blackhat using the Twitter handle @tdohack3r (TheDarkOverlord) has put yet another database with patient information up for sale. As with previous hacks, the database contains identity information that could be used for identity theft or fraud. It also contains medical insurance account information and codes related to the type of service.

Listing on dark net for patient database
Listing on dark net for patient database

According to the listing on TheRealDeal Market, the database consists of 23,565 patients’ records. TheDarkOverlord has not yet indicated publicly whether the entity, who is not named in the listing, has been or will be sent a ransom demand, although that has been the hackers’ M.O. so far, it seems.

The database was allegedly “retrieved from an accessible internal network using account credentials that were garnered through the token impersonation of an employee.” As with some other attacks, the hacker(s) claim to have used a RDP 0day that they discovered.

The patient records are in the format:

PatID,FirstName,LastName,Soc,Addr1,Addr2,City,State,Zip,HomePhone,

WorkPhone,Email,LastApptDate,LastVisitType,NextApptDate,NextVisitType,

LastDOS,FollowUpDate,BirthDate,Ins,InsID1,InsID2,RefPhysCode,First,

Last,Title,LastPract,LastBase,LastTotal

From medical codes in the sample data and from a July 1st tweet from TheDarkOverlord with images, DataBreaches.net identified the likely affected organization. Their facility is closed over the weekend, however, so DataBreaches.net has left them an inquiry. DataBreaches.net has also attempted to contact some of the patients, but has received no response as yet.  This will be updated as more information becomes available.

Update 1: Well, someone at the entity who answered the phone yesterday first seemed to acknowledge that they were hacked, and transferred my call to someone else, who claimed she had no idea what I was talking about. So I called back and started again, and ran into “We have no idea what you’re talking about responses.”  Interesting. Either they are in coverup mode or a lot of the employees are clueless.

In any event, it is P&O Care that is the hacked entity. I do hope they issue a statement, although they have ignored a few messages from me. As of yesterday, some of their patients’ data had been dumped on a public paste site, and then there were those pictures…


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
Category: Breach IncidentsHackHealth Data

Post navigation

← Twitter login credentials up for sale on dark net
Ukrainian Hacker Hacks Polish Telecom Giant Netia; Leaks Massive Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.