Central Ohio Urology Group falls victim to hacker; 105,000 documents stolen

A Ukrainian hacker said he has stolen over 105,000 internal documents from Central Ohio Urology Group, based in Gahanna, Ohio. 

The cybercriminal posted a screenshot of a list containing a few dozen names, addresses, dates of birth and diagnoses to Twitter, claiming to have uploaded 156GB of data to a Google Drive.

At the time of publication, a Central Ohio Urology Group spokesperson was unavailable for comment.

[Also: 'Dark Overlords' suspected in Athens Orthopedic Clinic data breach]

The breach was the result of a document manager system dump, Lee Johnstone, a security researcher and founder of Cyber Wars News told ZDNet. There were more than 46,000 Microsoft Word documents, 54,500 PDF files and other data, such as executable files, systems files and other healthcare-related apps.

While the screenshot provided by the hacker revealed patient data, many of the stolen files were internal documents from the health organization, he added. However, some documents contained insurance-related files and health reimbursement details, including billing information.

[Also: Hacker TheDarkOverlord stole more patient records, images than originally thought, InfoArmor reports]

The breach also contained non-password protected Excel files with log files for the past six months, which included doctors' names, surgery details and drug information, Johnstone continued.

The hacker claimed the attack was carried out for political reasons, according to DataBreaches.net. The hacker also said he gained access through a SQL injection, which is relatively easy to perform on out-of-date systems, ZDNet reported.

This article first appeared in Healthcare IT News.

Twitter: @JessiefDavis