A Ukrainian hacker has claimed responsibility for pinching more than 100,000 internal documents from an Ohio-based health system.
The crook, going by the Twitter moniker ‘Pravyy Sector’, uploaded more than 156 gigabytes of stolen data to a Google Drive and took to social media to boast of his achievement, posting a screenshot showing patient information such as names and addresses, dates of birth and diagnoses. However, the majority of the files appear to be internal documents with some detailing insurance information and health reimbursements.
It is believed the attack was carried out by an SQL injection, an all-too-common technique cyber-criminals opt for to exploit out-of-date IT systems.
The breach of the Central Ohio Urology Group, which is based in Gahanna and said to be the second-largest healthcare system in the state, is just another example of the growing prevalence of attacks on the healthcare sector, with hackers becoming more and more focused on targeting medical companies to steal personal and highly-sensitive data.
“Healthcare organizations are prime targets for hackers, and ensuring adequate protection of sensitive information across data types, users and systems is paramount,” said Scott Gordon, chief operating officer at FinalCode. “The breach of the Central Ohio Urology Group illustrates how healthcare system file collaboration has become the new data leakage frontier.”
“Given HIPAA and HITECH legislation, providers need to assume incidents will occur. A proactive stance, invoking available encryption and usage control on files such as the more than 100,000 exposed Microsoft and Adobe documents in the Ohio breach, would have secured this regulated data and enabled breach disclosure safe harbors,” he added.