Cybercriminal steals 105,000 documents from Central Ohio Urology Group
A Ukrainian hacker said he has stolen over 105,000 internal documents from Central Ohio Urology Group, based in Gahanna, Ohio. The Urology Group is touted to be the second-largest health system in the state with 24 locations.
The cybercriminal posted a screenshot of a list containing a few dozen names, addresses, dates of birth and diagnoses to Twitter, claiming to have uploaded 156GB of data to a Google Drive.
At the time of publication, a Central Ohio Urology Group spokesperson was unavailable for comment.
[Cybersecurity special report: Ransomware to get worse, hackers target whales, medical devices and IoT trigger new vulnerabilities]
The breach was the result of a document manager system dump, Lee Johnstone, a security researcher and founder of Cyber Wars News told ZDNet. There were more than 46,000 Microsoft Word documents, 54,500 PDF files and other data, such as executable files, systems files and other healthcare-related apps.
While the screenshot provided by the hacker revealed patient data, many of the stolen files were internal documents from the health organization, he added. However, some documents contained insurance-related files and health reimbursement details, including billing information.
The breach also contained non-password protected Excel files with log files for the past six months, which included doctors’ names, surgery details and drug information, Johnstone continued.
The hacker claimed the attack was carried out for political reasons, according to DataBreaches.net. The hacker also said he gained access through a SQL injection, which is relatively easy to perform on out-of-date systems, ZDNet reported.