In a post yesterday, I reported that protected health information and identity information of patients of Athens Orthopedic Clinic that had been leaked online by hackers remained available to anyone who knows where to look for it. Although it’s frustrating and understandably worrying to patients, I give AOC credit that they tried to find the leaks and plug them. I…
Category: Of Note
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
Tom Spring reports: A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents. Especially hard hit are hospitals in the United States followed by Japan, Korea and Thailand, according to research…
Athens Orthopedic Clinic patient data still exposed on leak site
DataBreaches.net discovered today that two copies of a paste (data dump) with over 860 AOC patients’ information is still available online if you know where to look for it. I’m providing a redacted screenshot below so patients can get a sense of what these pastes/leaks look like, although I’ve blacked out most of the street addresses, the…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…
Quest Records LLC breach linked to TheDarkOverlord hacks; more entities investigate if they’ve been hacked
At the end of June, DeepDotWeb broke the story that hackers calling themselves TheDarkOverlord (TDO) had put three databases with patient information up for sale on the dark net. Although the owners of the databases were not listed, DataBreaches.net was able to identify two of the three entities as the Athens Orthopedic Clinic (AOC) in Atlanta and Midwest Orthopedic Pain and Spine (MOPS) in Farmington, Missouri. Both entities…
Why We Should Score Data Breaches
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…