25% off all training courses Offer ends June 26, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends June 26, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Central Ohio Urology Group Informs 300K Patients of PHI Theft

Posted By on Oct 3, 2016

Patients of Central Ohio Urology Group whose protected health information was stolen and posted online in August have now been notified of the security breach.

While it is not clear exactly when the hack occurred, the data stolen in the cyberattack were dumped online on August 2, 2016. A wide range of patient data were uploaded to Google Drive by the hackers and were freely accessible. The hackers behind the attack – Pravvy Sector (Pravyi Sektor) – sent out links to the data on Twitter.

The data appeared to have been stolen from an internal server used by Central Ohio Urology Group. Access to the server is understood to have been gained using SQL injection – a technique commonly used by hackers to gain access to web application database servers. At the time it was unclear exactly how many patients had been impacted by the breach, although the stolen data included 401,828 files including images, videos, text files, documents and spreadsheets.

Central Ohio Urology Group has now confirmed that it became aware of the breach on August 2 when the data were posted online. Action was immediately taken to remove the data. According to the breach notice “We contacted law enforcement and had the information removed from the online drive within hours.”

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

An investigation was conducted to determine how access to the data was gained, and all of the stolen files were reviewed to determine how many individuals had been impacted. The breach notification sent to the Department of Health and Human Services’ Office for Civil Rights indicates 300,000 patients were impacted.

The data stolen in the attack included the names of patients, telephone numbers, addresses, email addresses, dates of birth, driver’s license numbers, State ID numbers, Social Security numbers, health plan and health insurance information (including identifiers), patient ID numbers, account information, employment-related information, medical histories, diagnoses, and treatment information.

Central Ohio Urology Group has offered all affected patients a year of complimentary identity theft protection services, and steps have been taken to bolster security to prevent future data breaches. Those measures include a new firewall, network monitoring software, and controls to restrict access to patient data.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist