Main Ohio Urology Consortium Notifies 300K Patients of PHI Thievery

Patients of Central Ohio Urology Consortium whose safeguarded health information was thieved and displayed live in August have now been informed of the safety break.

Although it’s not sure precisely when the hack happened, the data thieved in the cyberattack were put live on August 2, 2016. Hackers uploaded a wide variety of patient files to Google Drive that were freely accessible. Pravvy Sector (Pravyi Sektor) – the hackers behind the assault – sent out linkages to the files on Twitter.

The files seemed to have been thieved from an inner computer network operated by Central Ohio Urology Consortium. Access to the computer network is assumed to have been achieved utilizing SQL injection – a method usually employed by hackers to access web app database computer networks. At the stage, it was not clear precisely how many sick persons had been affected by the break, even though the thieved data contained 401,828 files including documents, text files, videos, images, and worksheets.

Main Ohio Urology Consortium has now verified that it became conscious of the break on August 2 after the files were displayed live. An Action was instantly taken to delete the files. As per the break notification “We communicated police and removed information from the live drive in hours.”

An inquiry was carried out to decide how data was accessed, and all of the thieved files were studied to decide how many people had been affected. The break notice sent to the Division of Health and Human Services’ OCR shows 300K patients were affected.

The files thieved in the attack contained the names of patients, diagnoses, telephone numbers, medical histories, addresses, employment-related information, email addresses, account information, dates of birth, patient ID numbers, health insurance information (including identifiers), Social Security numbers, State ID numbers, driver’s license numbers, health plan and cure information.

Main Ohio Urology Consortium has offered all impacted patients one year of free identity thievery protection facilities, and measures have been taken to boost safety to avoid future data breaks. Those steps contain a network monitoring software, new firewall, and controls to limit access to patient files.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.