Austin Manual Therapy Associates (AMTA) has two locations in Austin, Texas. They also have a very professional-looking web site and pictures of smiling and professional-looking physical therapy staff.
What they don’t have at this time, though, is any statement on their web site indicating that their patient data was hacked. And yet according to a spokesperson for TheDarkOverlord (TDO), AMTA was, indeed, hacked.
The hackers first publicly alluded to the hack in their Twitter account on October 4 and then again on October 11:
Are you a cardiologist in Miami, FL? How about a physical therapist in Austin, TX? Watch out.
— thedarkoverlord (@tdo_hackers) October 4, 2017
Are you a cardiologist in Miami, FL? How about a physical therapist in Austin, TX? Watch out.
Austin Manual Therapy Association from Texas, how’s your response coming along?
— thedarkoverlord (@tdo_hackers) October 11, 2017
Austin Manual Therapy Association from Texas, how’s your response coming along?
DataBreaches.net does not know whether AMTA ever responded to TheDarkOverlord (TDO), although TDO has claimed in an encrypted chat with DataBreaches.net that there was no response.
Nor does this site know exactly when or how TDO hacked AMTA, when or how they first contacted them to demand any payment, nor how many patients’ information they may have acquired. As of the time of this posting, this site only knows that it appears that AMTA was hacked by TDO. AMTA has not responded to two inquiries sent to it over this past week by this site.
Although TDO did not provide this site with a complete patient database, sample data that TDO did provide included a file with PHI labeled “No Response Patients,” a file with UHC insurance authorization for named patients, and a file with individual details about named patients:
This post may be updated if AMTA does send a statement to this site. I would think that AMTA is covered by HIPAA and will need to report this incident to HHS, so we may see this up on HHS’s site within 60 days.
Unfortunately, the AMTA hack is only of a number of hacks of healthcare entities that TDO has launched within the past year. In fact, TDO offered to give this site information and data on more than a dozen other incidents, but this site declined for the time being as it becomes overwhelming trying to keep up with all their hacks. Perhaps when I get yet another drive with more storage, I will be able to take them up on their offer. Although these hacks and extortion attempts are unpleasant, I continue to think that it’s important to report on them so that the public – and more importantly, responsible entities – see how great a problem this is. If all the public sees are reports claiming that accidental disclosure is the biggest threat, well, blackhats like TDO will continue to just romp through patient databases. Hacks may not be the largest percentage of incidents in healthcare, but let’s remember the number of records per incident metric and the fact that hacked data is more likely to be misused than accidentally disclosed data.
But how can TDO be behind this when their “mastermind” is behind bars?
That’s apparently what the Feds told Tor, says Bustin’ Wafer.
I quote, “He’s the mastermind”.
What do we have to do to interject before they convict an innocent man?
Who or what is Bustin’ Wafer? And I have personally yelled at FBI agents over the lies that have been told to the Dallas judge and court. This is total bullshit. The Dallas FBI *knows* or has damned good reason to know that Shafer was promptly giving them information he got from TDO as he got it. I have his emails to me where he cc:d the Dallas FBI to give them information and data as he got it. I have records of his attempts to try to help MI5 when he thought TDO was hacking the NHS. Shafer was trying to figure TDO out and to get more info from them, which he then shared with me, law enforcement, and anyone who might work to stop TDO from hurting patients.
Shafer is a hero when it comes to trying to protect patient data and anyone who claims differently can rot in Hell.