Hackers Hate on Health Care: Delaying Meals, Holding a Hospital Hostage, Stealing Brain Patient IDs and Exposing Battered Women

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Flint, Mich., Hospital Emails Show Hacktivists Infected Workstations

Newly obtained documents reveal that on Jan. 17, Hurley Medical Center’s IT staff informed employees a virus "has infected most" of the hospital's computers, adding that passwords must be changed to prevent employee credentials from being stolen.

This incident, apparently the work of online hacker collective Anonymous, was intended as a protest over the Flint water crisis.

Emails and records, obtained through the Freedom of Information Act, show a Jan. 15 cyber strike upended the hospital's food service and administrative systems.

Lunch was delayed after generic trays were dispatched and nurses were forced to supervise preparations for special diets. Some patients did not receive their lunch trays until after 4 p.m.

In the hospital's emergency room, staff were unable to print labels, ID badges or patient discharges.

The delays did not prevent hospital staff from treating patients, officials said.

Further emails show the hackers sent phishing emails in an attempt to obtain staff personal information. They also targeted employees on social media sites and made phone calls to their work, mobile and home phones, according to a Jan. 21 hospitalwide email.

Former Cop Tied to Data Dump Containing Locations of Coworkers, Battered Women

A former Palm Beach County sheriff’s deputy, with a grudge against the police department, has been linked to the online posting of confidential information on his former colleagues.

The restricted home addresses of thousands of officers, prosecutors, judges, FBI agents and others appeared on a public website over the weekend. The listing also includes addresses of facilities that house domestic-violence survivors.

How the information ended up online is a mystery.

The site that posted the information allegedly is tied to former deputy Mark Dougan, an outspoken enemy of Sheriff Ric Bradshaw and his second-in-command, Chief Deputy Michael Gauger. In a civil suit filed in 2012, Gauger accused Dougan of defaming him.

Dougan said friends in Russia were responsible, and he knew “a long time ago” hackers had the information.

Dougan said the release was retribution against the sheriff’s office, which he claimed had broken into his Facebook and email accounts without a warrant.

“It sucks, but if the government doesn’t want their privacy breached, then they can’t go around breaching the privacy of citizens without a warrant,” he said. “Yes, 4,000 people were not involved in hacking my stuff, but those 4,000 people didn’t do anything to stop it.”

The property appraiser’s director of exemption services, who handles requests by police officers to redact their home addresses, said no one had breached the office’s database.

IDs of Car Dealers, Patients with Brain Disease Stolen to Defraud Banks of $1.6M

At least two individuals allegedly were involved in a scheme that cribbed personal details on Memphis Neurology patients as far back as 2011. One suspect worked for the health practice.

The stolen data, along with information from personal acquaintances and car dealers, was exploited to collect fraudulent funds, totaling $1,660,587.30, from various financial institutions.

"We were informed by the authorities that there had been an arrest made in an ongoing case of identity theft, which our practice was a victim of," Memphis Neurology office manager Ann McFall said.

No medical records were affected.

The Memphis Neurology accomplice, whose name has not been released, was fired once an investigation started. The timing of that investigation is unclear.

According to the Justice Department, Memphis resident Jeremy Jones allegedly used the ill-gotten data to apply for loans and credit cards and open bank accounts in the individuals’ names without their knowledge.

The co-conspirator copied patient information from the neurology office’s database and supplied it to Jones in exchange for cash. 

Hollywood Hospital Data Held Hostage; Hackers Demand $3.5 Billion in Bitcoin

Staff at the Hollywood Presbyterian Medical Center noticed “significant IT issues and declared an internal emergency,” hospital president and CEO Allen Stefanek says.

The assault has shut down the computer system at the center for more than a week.

Several hospital staff members say hackers are demanding a bounty of $3.4 billion in bitcoins in exchange for key codes to restore the system.

Stefanek says the attack was “random.”

He said 911 patients in ambulances are being sporadically diverted to other hospitals, and all registrations and medical records are being written on paper.

Jackie Mendez and her 87-year-old ailing mother had to drive more than an hour to pick up medical tests in person, Mendez said.

Belmont West said he came into the hospital Friday and was told he could not access his grandmother's medical test results.

"It's a little worrying because when you go to a hospital you expect the best care, but it seems there is some sort of delay and failure in the system," he said.