Hospital hackers leak 156GB

Miscreants have taken 156GB of sensitive medical files and internal documents from the Central Ohio Urology group in the US – and leaked the lot online.

That's according to those who have inspected the dumped data, which appeared briefly in a publicly shared Google Drive account on Monday. The 105,000 swiped files were uploaded by a hacker gang called Pravyy Sector, which apparently has links to Ukraine's far-right.

It appears the archive contains mostly a mix of Word, PDF, text and executable files: there are, we're told, reports of patients' visits along with their diagnoses and treatments, scans of confidential medical records including citizens' personal contact details and social security numbers, and software for the IT department along with serial numbers.

There are also Excel spreadsheets, log files dating back six months, and financial information in the mix.

There are also signs of a ransomware infection in the copied file system. Judging from date stamps on the leaked files, the network infiltration and data extraction happened around July 22. The files were lifted from a compromised document management program.

We've contacted Central Ohio Urology – the second-largest urology practice in the state – for comment. The healthcare group told the Columbus Dispatch it is investigating the apparent security breach.
