Ohio clinic hit by hackers, thousands of health records stolen

Over 105,000 internal documents were uploaded to a Google Drive.
Written by Zack Whittaker, Contributor
Image: File photo

A hacker has stolen over 100,000 internal documents, including many with personal health information on patients, from a large, Ohio-based medical practice.

A Ukrainian hacker claimed on Twitter to have carried out the attack and included a screenshot of a couple dozen names, addresses, dates of birth, and diagnoses.

The hacker uploaded upwards of 156GB of data to a Google Drive, which we're not linking to, from the Central Ohio Urology Group based in Gahanna, Ohio. The health group has 24 locations, according to its website, and is a member of Mount Carmel Health System, which it claims is the second-largest healthcare system in the state.

A spokesperson for the group had no comment when reached by phone Tuesday.

Lee Johnstone, a security researcher and founder of Cyber Wars News, who helped comb through the data, shared access with ZDNet. He was also able to offer an at-a-glance view of whose data was caught up in the databases.

Johnstone said that the breach was a dump of a document manager system. He added that there were more than 46,600 Word documents and 54,500 PDF documents. Many of the other files included executable files, system files, and other apps relating to healthcare and center management.

One of the files included a Windows 7 disk image, he said.

Though the hackers' tweeted screenshot showed personal health records of a sample of patients, most of the files in the breach appeared to be internal documents. Some of the documents, however, included filled-in health reimbursements and insurance-related files. Many of these files related to billing and included the amounts paid and due.

A cursory search also found non-password protected Excel documents, with log files for the past six months ending in June, relating to surgeries, which included doctor names, times of surgeries, and drugs used in the procedures.

The purported hacker did not respond to an email asking for comment, motive, and how the attack was carried out. According to DataBreaches.net, which also reported on this story, the hacker carried out the attack for "political purposes".

The attack was allegedly carried out by an SQL injection, an often easy-to-carry out attack for out-of-date systems.

Editorial standards