Dive Brief:
- A group of hackers known as the Dark Overlords has put about 500 patient records up for sale on the black market, Healthcare IT News reports. The records were among some 397,000 stolen from Georgia-based Athens Orthopedic Clinic.
- The hackers breached the clinic’s electronic medical records system using a third-party vendor’s credentials.
- This is at least the third time the hackers have attempted to sell personal information on the dark net.
Dive Insight:
The information stolen from Athens Orthopedic Clinic incudes names, addresses, Social Security numbers, dates of birth, and telephone numbers. Some patient records also included diagnoses and bits of medical history. The law firm Keller Rohrback is investigating the attack.
In June, Dark Overlords announced the sale of records from three hospital databases — one in Farmington, MO, one in Atlanta and one at a hospital in the central or Midwestern part of the US. That was followed days later by the posting of 9.3 million health records on TheRealDeal market.
In an October 2015 report, Accenture estimated that U.S. health systems could lose $305 billion from coordinated cyberattacks.
The federal government is taking steps to address the rising threat of cyberattacks on EMR databases. In his 2017 budget proposal, President Obama called for $19 billion for cybersecurity initiatives that would protect healthcare data. And earlier this summer, HHS released guidance on how providers should respond to ransomware attacks.
A message on Athens Orthopedic Clinic’s website says it has retained cybersecurity experts to investigate and recommend improvements to its system, and is implementing those suggestions.