After a few months of comparative calm, the hacking unit TheDarkOverlord has proclaimed one more fruitful attack on a United States healthcare supplier, SMART PT.
The hack supposedly happened on September 13, 2017, having the declaration of the data thievery revealed by TDO’s Tweet on Friday 22, 2017. How access to the files was gained was not mentioned, even though it was verified to databreaches.net that the attack took benefit of the usage of vulnerable PINs. The whole databank of patients was supposedly thieved.
Databreaches.net was provided the patient databank and has verified the genuineness of the attack. The databank had a wide variety of info on 16,428 patients, including contact information, Social Security numbers and dates of birth.
This was a coercion effort and an ultimatum for reimbursement in Bitcoin supposedly transmitted to SMART PT, even though no reimbursement has been made. SMART PT representative Joanne Ponte verified to databreaches.net affirming that they declined to be in touch with crooks and concede to the coercion pressures.
TDO was accountable for many hacks of healthcare companies during the last 2 years, including Little Red Door Cancer Services of East Central Indiana, Ca-based Dougherty Laser Vision, Tampa Bay Surgery Center, Hand Rehabilitation Specialists, OC GastroCare, Aesthetic Dentistry and Athens Orthopedic Clinic. In many cases, the failure to reply to electronic mails and the denial to concede to the coercion demands has led to patient files being abandoned online.
As the attack only happened in the last few days, the case has not yet been informed to the Division of Health and Human Services’ OCR and patients have not yet been informed of the breach. SMART PT is presently probing the breach and is applying its breach response procedure. Additional info on the case can be read here.