DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

St. Francis Health System hacked: TheDarkOverlord? (UPDATE)

Posted on September 14, 2016 by Dissent

TheDarkOverlord, who had hacked and attempted to extort a number of medical clinics in May – June, has seemingly reappeared [see UPDATES below this post], and claims to have hacked St. Francis Health System in Oklahoma:

Last week, we ransacked the web servers of Saint-Francis, a network of hospitals and clinics located in Tulsa, OK. We are now the proud owners of a large collection of medical and confidential records which we will release after Sunday unless we get paid 24 Bitcoins to this address: 17CF9LigWhxDnqPxX14rejcR1jhE3QGUJV

Being nice people, we offered Saint-Francis not to dump their data on the Internet in exchange for those 24 Bitcoins, which they so far declined to do. Because, why clean up your own mess, right? It’s not as if they left a giant gaping hole in their web application. OH WAIT, THAT’S EXACTLY WHAT THEY DID.

We do not care who pays us as long as those 24BTC are in our wallet by the end of the week. Whether you’re a concerned citizen, a patient from Saint-Francis or any other entity willing to help, we do not care. Our wallet is open to everyone.

If we do not get the amount the requested by Sunday, all of the data we downloaded will be posted on the Internet.

The Dark Overlord

Their statement was followed by some sample data from a “diabetes” table. Unhelpfully, they did not include field headers, so although it appears that there are names, addresses, dates of birth and other information, exactly what all the other information is is not totally clear. The data also appear to be old, from 2008.

A second sample is allegedly from a”ConsentsRecentlyGenerated” table. Those data appear to contain name, date of birth, and type of procedure being consented to, as well as the date and time and the name of the physician to whom consent was granted.

The hackers also posted some entry from a “Tips” table, which appear to be suggestions generated by employees as to how to improve patient satisfaction/experience.

At the time of this posting, St. Francis’s site is not responding.

DataBreaches.net has not yet attempted to confirm the authenticity of any data or claims, but will be following up on these claims.

Update 1: The hospital’s site is back online now and DataBreaches.net left a voicemail asking for information and confirmation or denial of the claimed hack. Of course, even if they confirm the hack, that doesn’t mean it was by the same actors who called themselves TheDarkOverlord. Notice that I had reported that they had “seemingly reappeared.” There are several things about the paste that make me wonder if this might be a copycat. If not, then at the very least, someone else has taken over the public statements and letter-writing. DataBreaches.net has been trying to make contact with TDO through previous channels to ask them to confirm or deny whether this was really their hack.

Update 2: I have been told by a source close to TheDarkOverlord that the Saint Francis hack was not by TheDarkOverlord and that TDO had told him that it wasn’t TDO.  The same source would also like DataBreaches.net’s readers to know that he is extremely funny (I can actually vouch for that!) “a bit of a looker” and “charming.” Did I mention that I could vouch for him being extremely funny?

Category: HackHealth DataU.S.

Post navigation

← Trump’s campaign mute about data security #fail?
The Mystery of the Reappearing FTP server, Part 2 →

1 thought on “St. Francis Health System hacked: TheDarkOverlord? (UPDATE)”

  1. Justin Shafer says:
    September 14, 2016 at 3:42 pm

    Dude still has no soul.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.