After a few months of seeming inactivity, the hacking group TheDarkOverlord (TDO) has announced yet another successful attack on a healthcare company: SMART Physical Therapy (SMART PT), based in Massachusetts.
The hack apparently happened on September 13, 2017, but TDO announced the data theft on Twitter only on September 22, 2017. There was no mention of how TDO gained access to the data, though it was disclosed to databreaches.net that the hack took advantage of the system's weak passwords. According to the report, the complete patient database was stolen.
Databreaches.net was given the patient database and confirmed that the hack was genuine. The database contained a wide range of data on 16,428 patients, including contact details, birth dates and Social Security numbers.
The attack was an extortion attempt by TDO. SMART PT received a ransom demand in Bitcoin, though the company did not and will not pay. According to SMART PT spokesperson Joanne Ponte, the company refuses to engage with the cyber criminals or to agree to the extortion demands.
TDO has hacked healthcare companies several times in the last two years, including Little Red Door Cancer Services of East Central Indiana, CA-based Dougherty Laser Vision, Hand Rehabilitation Specialists, OC GastroCare, Tampa Bay Surgery Center, Athens Orthopedic Clinic and Aesthetic Dentistry. In a couple of cases, not responding to TDO's emails and not giving in to its extortion demands ended in the dumping of patient information online.
Because the attack happened only in the last couple of days, the breach report has not yet been submitted to the Department of Health and Human Services' Office for Civil Rights. Patients have not yet received notification letters either. SMART PT is now investigating the data breach and is carrying out its standard breach response protocol. Additional information regarding the incident is available here.