Ohio health system hit by hackers, thousands of health records stolen


A hacker has stolen over a hundred thousand internal documents, including many that have personal health information on patients, from an Ohio-based health system.

A Ukrainian hacker claimed responsibility for the attack on Twitter, posting a screenshot of a couple of dozen names and addresses, dates of birth, and diagnoses.

The hacker uploaded upwards of 156 gigabytes of data from the Central Ohio Urology Group, based in Gahanna, Ohio, to a Google Drive, which we’re not linking to. The health group has 24 locations according to its website, and is owned by Mount Carmel Health System, said to be the second-largest healthcare system in the state.

A spokesperson for the group had no comment when reached by phone Tuesday.

Lee Johnstone, a security researcher and founder of Cyber Wars News, who helped comb through the data, shared access with ZDNet. He was also able to offer an at-a-glance view of whose data was caught up in the databases.

He said that there were more than 46,600 Word documents, and 54,500 PDF documents. Many of the other files included executable files, system files, and other apps relating to healthcare and center management.

One of the files included a Windows 7 disk image, he said.

Though the hacker’s tweeted screenshot showed personal health records of a sample of patients, most of the files in the breach appeared to be internal documents. Some of the documents, however, included filled-in health reimbursements and insurance-related files. Many of these files related to billing, and included the amounts paid and due.

A cursory search also found Excel documents without password protection containing log files for the six months ending June. The logs relate to surgeries and include doctor names, times of surgeries, and drugs used in the procedures.

The purported hacker did not respond to an email asking for comment, motive, and how the attack was carried out. DataBreaches.net, which also reported on this story, said the hacker carried out the attack for “political purposes.”

The attack was allegedly carried out using SQL injection, an attack that is often easy to carry out against out-of-date systems.

Developing, more soon…
