Hacker Dumps Sensitive Patient Data From Ohio Urology Clinics

The files include names, addresses, phone numbers, dates of birth, and even diagnostic and treatment information.

Aug 2 2016, 3:55pm

A hacker has dumped a huge collection of sensitive patient records and alleged internal documents from a US healthcare organisation for anyone to access.

On Tuesday, a hacker or group of hackers using the name Pravvy Sector posted a link on Twitter to over 150 GB of data from the Central Ohio Urology Group. On its website, the organisation says it is the largest concentration of experienced urologists in Ohio, and lists more than 20 locations.

The data contains a mountain of apparent financial spreadsheets, human resource documents, and patient records. The files include names, addresses, phone numbers, dates of birth, and what looks like treatments patients have received, such as renal ultrasound, sperm count, or semen analysis. Some records show the insurance company patients are registered with.

"RADIOGRAPHIC EVALUATION—SUMMARY," starts one document, dated 2012. It then goes on to describe what treatment a patient was given, their doctor's name, the date of the exam, and diagnostic information.

One of the internal "daily division reports" is dated July 2016, suggesting the organisation was hacked recently.

Motherboard reached two people in the data by phone who confirmed they were patients at the Central Ohio Urology Group. One of those confirmed his birth year and ZIP code. Another phone call went through to the correct voicemail box.

One of the patients, an elderly man, was audibly confused when reached by Motherboard. "What should I do?" he asked, in response to learning his personal data had been hacked.

Motherboard has asked the IT department of the Central Ohio Urology Group for comment, but has not yet received a response.

Motherboard recently reported that Pravvy Sector was linked to several bots that last week aggressively tweeted a string of documents they claimed were hacked from an Armenian embassy and other government bodies, seemingly in an effort to get press attention. Other bots have since sprung up, some of which are trying to give the impression of being legitimate news outlets and tweeting the hacked medical files to various accounts.

Pravvy Sector could not be reached for comment. At the time of writing, a motive for the data dump is not clear.

The lesson: Although the motive of this particular dump is unknown, other opportunistic hackers could use this data for their own ends. Victims should keep an eye out for suspicious messages or phone calls using any information stored by the medical group.

Another day, another hack.