HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Another Healthcare Organization Attacked by The Dark Overlord

Following a couple of months of relative quiet, the hacking group TheDarkOverlord (TDO) has announced another successful attack on a U.S. healthcare provider, Massachusetts-based SMART Physical Therapy (SMART PT).

The hack reportedly occurred on September 13, 2017, and TDO announced the data theft on Twitter on Friday 22, 2017. The announcement did not say how access to the data was gained, although it was confirmed to databreaches.net that the attack took advantage of the use of weak passwords. The entire database of patients was reportedly stolen.

Databreaches.net was provided with the patient database and has confirmed the authenticity of the attack. The database contained a wide range of information on 16,428 patients, including contact information, dates of birth and Social Security numbers.

This was an extortion attempt, and a demand for payment in Bitcoin was reportedly sent to SMART PT, although no payment has been made, nor will it be. SMART PT spokesperson Joanne Ponte confirmed to databreaches.net that they refuse to communicate with criminals or give in to the extortion demands.

TDO was responsible for several hacks of healthcare organizations over the past two years, including California-based Dougherty Laser Vision, Little Red Door Cancer Services of East Central Indiana, Hand Rehabilitation Specialists, Tampa Bay Surgery Center, OC GastroCare, Aesthetic Dentistry and Athens Orthopedic Clinic, to mention but a few. In several cases, the failure to respond to emails and the refusal to give in to the extortion demands have resulted in patient data being dumped online.

Since the attack only occurred in the past few days, the incident has yet to be reported to the Department of Health and Human Services’ Office for Civil Rights and patients have not yet been notified of the breach. SMART PT is currently investigating the breach and is implementing its breach response protocol. Further information on the incident can be read here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.