TheDarkOverLord—a hacker or, rather, syndicate of hackers—breached another medical clinic. Hackers targeted Electronic Healthcare Records throughout 2016, and TheDarkOverLord (TDO) claimed responsibility for the overwhelming majority of EHR thefts. This time, TDO leaked the records of 530,000 patients of Atlanta’s Peachtree Orthopedics.
The hacking entity, notorious for attacking medical clinics via RDP, released millions of patient records. In an exclusive article with DeepDotWeb, TDO published pictures of his data (with the sensitive information removed, however). While the hacker released database upon database of hacked credentials, TDO is best known for leaking 9.3m customer records from a healthcare database.
The records, like the majority of TDO’s data dumps, ended up on TheRealDeal darknet marketplace. TheRealDeal hosted the majority of TDO’s dumps and was well known for being the go-to darknet market for stolen data. The healthcare insurance dump’s listing explained that “this product is a vast database in plaintext from a large insurance healthcare organization in the United States. It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information.”
A well-known security researcher analyzed the dump and noted that much of the information appeared old. But, Dissent Doe explained that for nearly $500,009—at the time—one could have semi-complete information on 9.3m people. While the information, in and of itself, lacked the details to function as a full identity kit—the details it provided came very close.
Like the majority of the TDO dumps, this one contained a first and last name; a street address; city, state, and zip codes; home and cell phones; the patient’s DOB; and lastly, the Social Security Number.
TDO breached another medical database in Athens, Georgia.
And another breach, from a clinic in the Midwest United States.
The darknet was full of TDO’s information for a significant period once the breaches started becoming commonplace. Peachtree Orthopedics made an announcement regarding a breach in the form of a letter. The clinic sent the letter in October, and in it, mentioned the confirmation of the breach on September 22, 2016. The hospital released few details—WSBTV said that the company refused to disclose the number of victims of the breach. An investigation by Channel 2’s Carol Sbarge, two months later, revealed that the clinic lost as many as 530,000 patient records.
TDO released a statement regarding the hack, and it began as follows:
It all started many months ago when we acquired 543k patient records which contain both PII and PHI – well before the date of breach notice and alleged date of breach. 543,879 records for anyone counting. Oh, the things one could do with so much data! Some of you have been so kind as to suggest what to do with it all (Hello, ICIT!).
After letting the records collect dust in a folder somewhere for months, we went to Peachtree Orthopedics – like Athens Orthopedic – and proposed a solution to the dilemma – we have data that they don’t want us to have. With us both running a business, we hoped for a speedy resolution so we can go our separate ways – it was anything but.
That information simply confirmed the data posted by Dissent Doe, who spoke with several Peachtree Orthopedics employees following the breach announcement. One employee confirmed that the FBI looked into the breach in early summer, the same time TheDarkOverLord breached the clinics mentioned earlier. “In the meantime, TheDarkOverlord informed DataBreaches.net that he intends to release another database today from a major Atlanta sports team,” she wrote.
Peachtree Orthopedic PR:
Peachtree Orthopedic’s press release from October can be found on the company’s website. Below is part of “A Message To Our Patients:”
Patient care is at the center of our mission, and we take seriously the confidentiality of the information we hold. We, therefore, regret to inform you that on September 22, 2016, we confirmed an unauthorized intrusion into our computer system. We then took immediate action and are working closely with forensic experts and the FBI to investigate and address the situation.
While our investigation is ongoing, we have found evidence indicating that information such as patient names, home addresses, email addresses, and dates of birth was potentially taken. In some cases, the patient’s treatment code, prescription records, or social security number may also have been made.