Malicious Actors Are Conducting Targeted Healthcare Industry Attacks

Random ransomware attacks on healthcare organizations are a cause for concern, although the recent spate of targeted healthcare industry attacks are even more worrying. Malicious actors have stolen the protected health information of close to 10 million individuals and those records have now found their way onto underground marketplaces.

The attacks did not involve ransomware, although a ransom demand was allegedly issued to each of the healthcare organizations that were attacked. A malicious actor operating under the name TheDarkOverload managed to hack into healthcare databases and stole large volumes of PHI. Each organization was then contacted and told that they could prevent the sale of their patients’ data – and have the exploited security vulnerability fixed – if a “ransom” was paid. The amount the attacker asked for was not disclosed, although it was small in comparison to the cost of dealing with the attack and the potential fallout from having the data sold.

Targeted Healthcare Industry Attacks took Advantage of Poor Cybersecurity Practices

Security Firm InfoArmor recently reported that at least four targeted healthcare industry attacks had occurred. The attacks had targeted medical devices such as X-ray machines, MRI systems, and mobile computing workstations. One of the main aims of the attacks was to gain access to the data stored in EMR systems. Highly sensitive data including patients’ names, along with their medical histories, medical diagnoses, test results, insurance information, and Social Security numbers are stored in the systems. Those data carry a high value on the black market and can be used to commit a multitude of fraud.

InfoArmor reports that in some cases, patient data were stored in Microsoft Access databases with poor security. If the system was compromised and a malicious actor was able to gain access to the computers/servers used to store the data, they would be able to exfiltrate the entire database. No special user access controls had been used in some cases. That is exactly what happened.

More than 10 Million Healthcare Records Listed for Sale

While the attacker did not name the organizations that had been attacked, investigated. Three of the organizations attacked by the DarkOverLord were Midwest Orthopedic Pain & Spine in Farmington, Missouri (48,00 records), Athens Orthopedic Group in Athens, Georgia (397,000 records), and P&O Care in Fairview, Illinois (23,565 records).

9.3 million members’ records were also stolen from a health insurer – or one of its business associates – and have been listed for sale, as have 34,000 records from a healthcare organization in the Bronx. A further 210,000 patient records were stolen from a health organization in Oklahoma, according to Over 10 million records have now been listed for sale as a result of these recent targeted healthcare industry attacks.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of