Hackers Hate on Health Care: Delaying Meals, Holding a Hospital Hostage, Stealing Brain Patient IDs and Exposing Battered Women

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches: 

Flint, Mich., Hospital Emails Show Hacktivists Infected Workstations

Newly obtained documents reveal that on Jan. 17, Hurley Medical Center’s IT staff informed employees a virus "has infected most" of the hospital's computers, adding that passwords must be changed to prevent employee credentials from being stolen.

This incident, apparently the work of online hacker collective Anonymous, was intended as a protest over the Flint water crisis.

Emails and records, obtained through the Freedom of Information Act, show a Jan. 15 cyber strike upended the hospital's food service and administrative systems.

Lunch was delayed after generic trays were dispatched and nurses were forced to supervise preparations for special diets. Some patients did not receive their lunch trays until after 4 p.m.

In the hospital's emergency room, staff were unable to print labels, ID badges or patient discharges.

The delays did not prevent hospital staff from treating patients, officials said.

Further emails show the hackers sent phishing emails in an attempt to obtain staff personal information. They also targeted employees on social media sites and made phone calls to their work, mobile and home phones, according to a Jan. 21 hospitalwide email.

Former Cop Tied to Data Dump Containing Locations of Coworkers, Battered Women

A former Palm Beach County sheriff’s deputy, with a grudge against the police department, has been linked to the online posting of confidential information on his former colleagues.

The restricted home addresses of thousands of officers, prosecutors, judges, FBI agents and others appeared on a public website over the weekend. The listing also includes addresses of facilities that house domestic-violence survivors.

How the information ended up online is a mystery.

The site that posted the information allegedly is tied to former deputy Mark Dougan, an outspoken enemy of Sheriff Ric Bradshaw and his second-in-command, Chief Deputy Michael Gauger. In a civil suit filed in 2012, Gauger accused Dougan of defaming him.

Dougan said friends in Russia were responsible, and he knew “a long time ago” hackers had the information.

Dougan said the release was retribution against the sheriff’s office, which he claimed had broken into his Facebook and email accounts without a warrant.

“It sucks, but if the government doesn’t want their privacy breached, then they can’t go around breaching the privacy of citizens without a warrant,” he said. “Yes, 4,000 people were not involved in hacking my stuff, but those 4,000 people didn’t do anything to stop it.”

The property appraiser director of exemption services, who handles requests by police officers to redact their home addresses, said no one had breached the office’s database.

IDs of Car Dealers, Patients with Brain Disease Stolen to Defraud Banks of $1.6M

At least two individuals allegedly were involved in a scheme that cribbed personal details on Memphis Neurology patients as far back as 2011. One suspect worked for the health practice.

The stolen data, along with information from personal acquaintances and car dealers, was exploited to collect fraudulent funds, totaling $1,660,587.30, from various financial institutions.

"We were informed by the authorities that there had been an arrest made in an ongoing case of identity theft, which our practice was a victim of," Memphis Neurology office manager Ann McFall said.

No medical records were affected.

The Memphis Neurology accomplice, whose name has not been released, was fired once an investigation started. The timing of that investigation is unclear.

According to the Justice Department, Memphis resident Jeremy Jones allegedly used the ill-begotten data to apply for loans and credit cards and open bank accounts in the individuals’ names without their knowledge.

The co-conspirator copied patient information from the neurology office’s database and supplied it to Jones in exchange for cash. 

Hollywood Hospital Data Held Hostage; Hackers Demand $3.5 Billion in Bitcoin

Staff at the Hollywood Presbyterian Medical Center noticed "significant IT issues and declared an internal emergency,” hospital president and CEO Allen Stefanek says.

The assault has shut down the computer system at the center for more than a week.

Several hospital staff members say hackers are demanding a bounty of $3.4 billion in bitcoins in exchange for key codes to restore the system.

Stefanek says the attack was "random.”

He said 911 patients in ambulances are being sporadically diverted to other hospitals, and all registrations and medical records are being written on paper.

Jackie Mendez and her 87-year-old ailing mother had to drive more than an hour to pick up medical tests in person, Mendez said.

Belmont West said he came into the hospital Friday and was told he could not access his grandmother's medical test results.

"It's a little worrying because when you go to a hospital you expect the best care, but it seems there is some sort of delay and failure in the system," he said. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.