DataBreaches.Net

Central Ohio Urology Group hacked, PHI dumped: hacktivist (Updated)

Posted on August 2, 2016 by Dissent

A Ukrainian hacktivist claims to have hacked and dumped 156 GB of patient data from Central Ohio Urology Group in Ohio.

The alleged hack was announced Tuesday morning by the @PravSector account, which posted an unredacted screen shot and a link to the data dump on Google Drive.

Screen shot purportedly from COUG database – redacted by DataBreaches.net. All data in the fields were in plain text.

The data fields in the screen shot include the patients’ full name, postal address and telephone number, date of birth, date of service, and diagnosis (although not ICD codes: just notations such as “lump,” “stones,” “sex drive”). The protected health information (PHI) also included the name of the patient’s insurance carrier and account number.

All data were in plain text. The service dates in the screen shot were from 2013-2014, and a quick Google search confirmed that there are individuals with those names living at those addresses.

In private messages, @PravSector informed DataBreaches.net that he was the hacker, and that this hack was for political purposes – a “warning” so that “no one thought to poison our people with the virus from secret laboratories.”  Many have died in Odessa, he tells DataBreaches.net.

“I personally witnessed in Kherson as instructors injections to our volunteers and 14 people died later. Some were strange convulsions before death.”

“We are people, and we want to live.”

And that’s where the conversation got a bit confusing, because Pravyy Sector acknowledged that there was no evidence Central Ohio Urology Group (COUG) was involved in any such research or activity. Despite that, he attacked them – via SQL injection, he claims – and plans to attack others as well. He also plans to disclose what he describes as “top secret docs with secret trials of virus in Ukraine.”

Pravyy Sector claims that he had emailed a warning to COUG in the past, and DataBreaches.net is attempting to obtain a copy of that communication.

But the bottom line for Pravyy Sector is that he wants to publicize what he believes the U.S. is doing to Ukrainians, and to warn any labs not to participate with the Pentagon in any such research.

“I’ve just wanted to attract attention to the terrible facts. This lab is part of the US healthcare what helped Pentagon killing us…. of course I can’t harm USAMRU-G or naval medical research – they are protected well – but I can hack less protected system.”

When asked whether he really felt this was the right way to send a message – by attacking uninvolved sites and exposing patient information on innocent people, Pravyy Sector replied,

“I don’t know whether the right way but my comrades died a horrible death. I want people to know the truth.”

DataBreaches.net contacted COUG to alert them to the claimed breach and they are currently investigating.  DataBreaches.net also sent an email inquiry to a Gmail address listed as the owner of the data dump.

This is a developing story and the post will be updated as more information becomes available.

Update 1: The files are still being analyzed by @Cyber_War_News, who has been feeding information to a few of us as he finds things. This is a huge compilation of internal documents and patient records, including 100,000 document files and PDFs. I’ve also seen monthly surgical spreadsheets with detailed records on named patients’ surgeries, and consultation forms with patients’ medical histories and insurance information.

In other words, this is going to be brutal. I should note that although it seems that the exfiltration of the data occurred on July 21st and July 22, it’s not yet clear whether it was COUG’s server from which the data were stolen or a vendor/business associate’s. @Cyber_War_News hypothesizes that it’s a dump from an installation of DocumentPlus.

Update 2: CyberWarNews.info has released their analysis of the data dump. Of possible note, Lee found evidence of ransomware. COUG has yet to provide this site with any statement about the breach.

Update 3: See also HackRead’s coverage with screenshots.

Update 4: @PravSector tells DataBreaches.net that the attack was on COUG’s server, not a vendor’s. COUG has yet to issue any statement.

Update 5 (Sept. 27): It looks like COUG has determined that it was an attack on their server, although we don’t have total numbers yet.

Update 6 (Oct. 3): COUG reported it to HHS as affecting 300,000.

 


Category: Breach Incidents, Health Data, U.S.
