Another health care provider was targeted by TheDarkOverlord in September 2017.
This isn’t the first time we’ve reported on the escapades of TheDarkOverlord. The person or group that identifies as “TheDarkOverlord” seems to target health care entities to show just how weak the organizations’ defenses are. Recently, TheDarkOverlord attacked a Massachusetts provider, SMART (Sports Medicine and Rehabilitation Therapy) Physical Therapy. TheDarkOverlord even went so far as to announce the attack on Twitter, according to databreaches.net.
Information at the Physical Therapy office was accessed through a weak password in some outdated software. The software in question was the Patterson PTOS, which was discontinued in March 2017. Keeping software updated is essential for safeguarding Protected Health Information (PHI).
TheDarkOverlord requested the Physical Therapy office pay a ransom in Bitcoin (BTC). The owner, Joanne Ponte, told databreaches.net that she would not be paying the ransom and stated that TheDarkOverlord is a criminal or group of criminals.
In the following days, TheDarkOverlord revealed more information regarding what was collected, including more than 16,000 patient records. The information contained in those patient records included names, contact information, dates of birth, occupations, and Social Security Numbers.
Databreaches.net states that “it was clear to me that they had no idea that they had been hacked – despite any emails TheDarkOverlord may have sent them.”
This is not uncommon. Many health care providers learn that there has been a breach from an outside party, but not necessarily from the person or people who attacked them.
This situation highlights the need to use updated software whenever possible. If you know that a product is reaching end of life (often the company notifies everyone beforehand), you need to start making plans to move to different software. Outdated software is no longer supported, so new vulnerabilities could be discovered without patches ever being released to fix them.
To learn more about what you can do to protect your patient records, join HIPAAgps today.