Following a couple of months of relative quiet, the hacking group TheDarkOverlord (TDO) has announced another successful attack on a U.S. healthcare provider, Massachusetts-based SMART Physical Therapy (SMART PT).
The hack reportedly occurred on September 13, 2017, and TDO announced the data theft on Twitter on Friday 22, 2017. The announcement did not say how access to the data was gained, although it was confirmed to databreaches.net that the attack took advantage of weak passwords. The entire patient database was reportedly stolen.
Databreaches.net was provided with the patient database and has confirmed the authenticity of the attack. The database contained a wide range of information on 16,428 patients, including contact information, dates of birth and Social Security numbers.
This was an extortion attempt, and a demand for payment in Bitcoin was reportedly sent to SMART PT, although no payment has been made, nor will it be. SMART PT spokesperson Joanne Ponte confirmed to databreaches.net that they refuse to communicate with criminals or give in to the extortion demands.
TDO has been responsible for several hacks of healthcare organizations over the past two years, including California-based Dougherty Laser Vision, Little Red Door Cancer Services of East Central Indiana, Hand Rehabilitation Specialists, Tampa Bay Surgery Center, OC GastroCare, Aesthetic Dentistry and Athens Orthopedic Clinic, to mention but a few. In several cases, the failure to respond to emails and the refusal to give in to the extortion demands have resulted in patient data being dumped online.
Since the attack only occurred in the past few days, the incident has yet to be reported to the Department of Health and Human Services’ Office for Civil Rights and patients have not yet been notified of the breach. SMART PT is currently investigating the breach and is implementing its breach response protocol. Further information on the incident can be read here.