Central Ohio Urology Group is the latest victim of a PHI (Protected Health Information) data dump, apparently by a Ukrainian hacktivist named Pravyy Sector, who performed the hack-and-dump because, as he told DataBreaches.net, “I’ve just wanted to [attract attention] to the terrible facts. This lab is part of the US healthgcare [sic] what helped Pentagon killing us…. of course [I can’t] harm USAMRU-G or naval medical research – they are protected well – but I can hack less protected system.” Screenshots taken by DataBreaches.net show definitively that the hack happened sometime in 2013 or 2014, and revealed a wealth of personal and medical information on the Ohio urology patients, including:
Healthcare Data Hacking Motivations
This latest healthcare network data breach is most likely being scrutinized for motive and provenance by the Department of Health and Human Services, who will no doubt be handing out HIPAA fines to the medical group for the hack and patient-data exposure. Hacktivist Pravyy Sector also makes the very strange and disturbing claim that, “I personally witnessed in Kherson as instructors [sic] injections to our volunteers and 14 people died later. Some were strange convulsions before death.” Apparently, this Ukraine-based hacker’s motives lie somewhere in the range of wanting to make U.S. residents aware of some cryptic experiment that killed some of his own comrades. Whether one can believe that a Ukrainian hacker cares so deeply about American urology patients that he would strive to make them aware of an unprovable X-Files-sounding experiment-gone-wrong in Kherson is anyone’s best guess.
The Hackers and the Hacked
Pravyy Sector (or “Right Sector”) has been described as “the most radical wing of Ukraine’s protest movement” by the BBC, and supposedly has ties to anti-government forces who toppled then-President Viktor Yanukovych in February 2014. When contacted by an investigative reporter for Modern Health Care for comment, the Central Ohio Urology Group voicemail contained the following message (in part): “If we find that our data system truly has been breached, we will contact affected individuals directly with more information. We have taken additional steps to further protect our patient data.”
The Role of Social Media
Pravyy Sector, a.k.a. Twitter handle @pravsector, posted its rant and the many thousands of filched documents to a Twitter account and Google cloud-based storage site, along with a copy of a spreadsheet containing all of the patient medical and personal information. The tweet referenced “156GB files,” a link to the Google SaaS drive, along with the main spreadsheet.
Update to the Story
It appears that around 520,000 total document files, including .pdf, .xls, and .docx files of patient records, are involved; they contain monthly surgical spreadsheets and detailed records of surgeries, consultation forms, and medical histories of the Central Ohio Urology Group patients. An analysis of the data dump has now shown the files to be full of ransomware, and the data breach to be even larger than first thought. Service dates of the files range from July 21 to July 22, 2014. @PravSector has confirmed to DataBreaches.net that the attack occurred on the Urology group’s own server, not a third-party vendor’s.
If you are a healthcare facility department head concerned by these troubling events, let experienced IT consultants help you figure out the proper course of action. Globalquest Solutions is the leader in providing managed IT services in Buffalo and Western New York. Contact our expert IT staff at 716-601-3524 or send us an email at firstname.lastname@example.org, and we will be happy to answer your questions.