A hacktivist yesterday claimed to have hacked and dumped 156 GB of patient data from Central Ohio Urology Group in Ohio. The attack was allegedly carried out by an SQL injection, an often easy attack for dated systems.
The hacker group, who go by the alias of @PravSector, posted a screen shot and a link to the data dump on Google Drive.
The stolen data includes the patients’ full name, postal address and telephone number, date of birth, date of service, and diagnosis. The data dump also shows treatments patients have received, such as renal ultrasound, sperm count, or semen analysis. Some records show protected health information (PHI), such as the insurance company patients are registered with, and their record number.
On its website, the Central Ohio Urology Group, owned by Mount Carmel Health System, claims to be the largest concentration of experienced urologists in Ohio, listing more than 24 locations.
The data dump included more than 46,600 Word documents and 54,500 PDF documents. Many of the other files included executable files, system files, and other apps relating to healthcare and center management.
Medical hacks have become quite common. So far in 2016, there have been 49 hacking-related US medical data breaches affecting a minimum 500 people each. A lot of breaches have gone unreported, meaning the final tally would be even higher.