A Ukrainian hacker has stolen more than 100,000 internal documents from Central Ohio Urology Group, a small medical practice in Gahanna, Ohio. The hacked data include personal health records from 2013–2014 containing patients’ names, addresses, phone numbers, diagnoses, and insurance providers.
The hacker told DataBreaches.net that he had political motives––the hack was meant as a “warning” so that “no one thought to poison our people with the virus from secret laboratories.” He claimed that Pentagon research is behind “secret injections” that are killing people in his homeland.
According to FierceHealthcare, U.S. Army Medical Research Unit–Georgia, part of the Walter Reed Army Institute of Research, is researching combat-associated infections in the Caucasus region. There was no evidence that Central Ohio Urology Group was involved in any such activity. The hacker admitted that he targeted the medical group, rather than the Pentagon or a government research facility, because “I can hack less protected system.”
“Big organizations have huge security teams,” said Columbus-based online-security expert C. Matthew Curtin. “But small offices don’t have the money to pay big-time security people.”
“The target is really the media,” Curtin said. “You’re going for eyeballs. Terrorists didn’t start hijacking airplanes in the 1970s because they wanted airplanes. They wanted attention.”
In related news, Arizona-based Banner Health, a nonprofit organization that runs a chain of hospitals, has announced that hackers may have gained access to patient, physician, and beneficiary data. According to Reuters, the company is notifying 3.7 million patients, health plan members, food and beverage customers, physicians, and health care providers about the attack, which occurred between June 23 and July 7.
The hackers may have gained access to computer systems that process payment card data at food and beverage outlets at some Banner Health locations. The company operates in Alaska, Arizona, California, Colorado, Nebraska, Nevada, and Wyoming.