Tens of thousands of patient records posted to dark web

NBC News reports that extensive patient data from Leon Medical Centers and Nocona General Hospital were published in an apparent extortion attempt.
By Kat Jercich
11:58 AM

This story has been updated to include a statement from Leon Medical Centers representatives.

Hackers have published extensive patient data from Leon Medical Centers in Miami and Nocona General Hospital in Texas in an apparent extortion attempt, reported NBC News this past Friday.

The tens of thousands of files reportedly include patients' names, addresses and birthdays, in addition to their medical diagnoses.

Requests to Nocona for comment were not returned by press time.

"Many hackers recognize the potential value of health data on the dark web, potentially upward of $1,000 per record in the current climate," said Tony Goulding, cybersecurity evangelist at the security vendor Centrify. 


As NBC News noted, releasing such enormous amounts of medical data is a somewhat unprecedented move, even in this time of increased ransomware.

The files reportedly comprise tens of thousands of scanned diagnostic results and letters to insurers, background checks on hospital employees and an Excel document with more than 100 patient names, dates, details of colonoscopy procedures, and notations about whether the patient has a "normal colon," among other personal health information.

Leon Medical Centers released a statement in January about a November cybercriminal attack that compromised access to files containing personal information. 

"Patient services were not affected by the situation. We are working diligently with third-party forensic experts to identify individuals affected by the matter. As soon as possible, we will provide direct notifications to any affected individuals, in accordance with relevant state and federal regulations," said a representative from Leon Medical Centers in an email to Healthcare IT News after publication.

"Upon discovering this incident, we immediately took steps to review and reinforce the security of our systems. We are reviewing existing security policies and have implemented additional cybersecurity measures and employee training to further protect against similar incidents moving forward. For security reasons, we are unable to provide additional details at this time," the representative continued.

The information may have included "name, contact information, Social Security number, financial information, date of birth, family information, medical record number, Medicaid number, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information," said that statement.

In a report to the U.S. Department of Health and Human Services detailing the breach, Leon estimated that 500 people had been affected.

Nocona has not published any statements about possible breaches to its website or social media pages. 


Healthcare facilities faced a rush of ransomware attacks in 2020, with bad actors emboldened in part by confusion and fear around the COVID-19 pandemic. 

"In 2020, we saw ransomware go mainstream," said VMware Carbon Black analysts in a report released this past week identifying the top five most prevalent strains. 

And criminals are unlikely to ease off the gas pedal anytime soon: The COVID-19 vaccines present heightened opportunities for hackers to target the supply chain as well as proprietary data and patient information.


"Let’s also not forget that psychology plays a big part in many cybercrimes. If a potential target is vulnerable, the chances of success rise significantly," said Goulding.

"Given the current climate with COVID-19, there’s a risk that many affected areas of society, research, and commerce are more vulnerable to such attacks, perhaps letting their guard down, not being as diligent as they would ordinarily be both in terms of human diligence and security technology diligence," he said.


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.