Share this article on:
A Ukrainian hacker/hacking group – operating under the name Pravvy Sector – has stolen 156GB of data from Central Ohio Urology Group, a Mount Carmel Health System-owned network of 24 urology clinics in central Ohio. A link to the data was recently sent out via the hacker/hacking groups Twitter account.
The stolen data set of 401,828 files includes text files, zip and rar files, SQL files, CSV, BAK, DOC/DOCX documents, XLS/XLSX spreadsheets, video files, PDFs, JPEG and TIF images, and crypt files. The data were recently uploaded to Google Drive and the theft appears to have occurred in the past few days.
The data set includes highly sensitive documents relating to employees and patients. Names, phone numbers, addresses, dates of birth, medical procedures performed, health insurance details, diagnostic tests, dates of service, referring physicians’ names, diagnostic information, medical histories, and ultrasound scan images are all included in the files.
The majority of the files appear to be internal documents. Hackread reports that “the entire architecture design of the data center is also among the leaked data with absolutely no security whatsoever,” the report goes on to point out the severity of the breach, saying the exposed data – which was analyzed by Oren Yaakobi of Hacked-DB – includes “network designs, detailed communication data flow, login details to various servers, internal hospital documents, payments info, medical records and history of patients, x-rays, internal and external communication between co-workers and clients, PST files, backup files and more.”
The data is believed to have been obtained from a document manager system and the attack appears to have involved SQL injection. Pravvy Sector (Pravyi Sektor) relates to the Right Sector, a far-right nationalist party in Ukraine. The motive behind the attack and publication of the data is unclear, although ZDNet reports that Pravvy Sector performed the attack and data dump for “political purposes.”
Last month, Pravvy Sector attempted to extort money from the Polish government and threatened to post highly sensitive data stolen from the Defense Ministry if a ransom payment of $50,000 in Bitcoin was not made. The Polish government confirmed that the data were stolen from a Defense ministry database.
A few days earlier, the hacking group hacked a database of the second largest telecoms company in Poland – Netia – and stole and posted details of 14GB of customer data online.
Update: October 3, 2016
The incident has now been reported to the Department of Health and Human Services’ Office for Civil Rights. The breach notice indicates 300,000 individuals were impacted.