25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Another Healthcare Organization Attacked by The Dark Overlord

Posted By on Sep 26, 2017

Following a couple of months of relative quiet, the hacking group TheDarkOverlord has announced another successful attack on a U.S. healthcare provider, Mass-based SMART Physical Therapy (SMART PT).

The hack reportedly occurred on September 13, 2017, with the announcement of the data theft disclosed by TDO on Twitter on Friday 22, 2017.  No mention was made about how access to the data was gained, although it was confirmed to databreaches.net that the attack took advantage of the use of weak passwords. The entire database of patients was reportedly stolen.

Databreaches.net was provided with the patient database and has confirmed the authenticity of the attack. The database contained a wide range of information on 16,428 patients, including contact information, dates of birth and Social Security numbers.

This was an extortion attempt and a demand for payment in Bitcoin was reportedly sent to SMART PT, although no payment has been made, nor will it be. SMART PT spokesperson Joanne Ponte confirmed to databreaches.net that they refuse to communicate with criminals and give in to the extortion demands.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

TDO was responsible for several hacks of healthcare organizations over the past two years, including Ca-based Dougherty Laser Vision, Little Red Door Cancer Services of East Central Indiana, Hand Rehabilitation Specialists, Tampa Bay Surgery Center, OC GastroCare, Aesthetic Dentistry and Athens Orthopedic Clinic, to mention but a few. In several cases, the failure to respond to emails and the refusal to give in to the extortion demands has resulted in patient data being dumped online.

Since the attack only occurred in the past few days, the incident has yet to be reported to the Department of Health and Human Services’ Office for Civil Rights and patients have not yet been notified of the breach. SMART PT is currently investigating the breach and is implementing its breach response protocol.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist