The nefarious hacker dubbed TheDarkOverlord is once again targeting the healthcare industry, attempting to extort Massachusetts-based SMART Physical Therapy for the return of the personal data of 16,428 of its patients.
The hacker made the announcement on its Twitter account on Friday night. SMART did not respond to a request for comment by the time of publication, and this story will be updated if more information becomes available.
TDO told DataBreaches that they demanded SMART pay a ransom in Bitcoin, but declined to comment on the amount. However, SMART officials said they aren’t even considering paying the extortion demand and won’t even communicate with TDO, as they are criminals.
The cybercriminal also provided DataBreaches with the exfiltrated documents, which include patient names, addresses, emails, dates of birth, Social Security numbers, passwords and the like, all in unencrypted text.
Per the norm, TDO did not admit how he or she was able to obtain the data. DataBreaches said it sounded as if SMART was unaware of the breach before the extortion attempt. The breach is not listed on the U.S. Department of Health and Human Services’ Office for Civil Rights breach reporting tool.
Most recently, TDO attempted to extort Beverly Hills provider Dougherty Laser Vision in July. One of their largest breaches involved 10 million records from organizations connected to the HL7 network in 2016.
The hacker is also responsible for hacks on the Indiana Cancer Agency, Aesthetic Dentistry, OC GastroCare, Tampa Bay Surgery Center and a long list of others.
Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com