Cyber Incident Victim: Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery Center
Date: Oct 2016
Location: United States of America
Summary
TheDarkOverlord breached Aesthetic Dentistry, OC Gastrocare, and Tampa Bay Surgery Center and later publicly leaked the stolen patient records, exposing the personal and medical data of nearly 180,000 individuals. The incidents involved the unauthorized disclosure of protected health information from all three providers; two of the three had been publicly reported before the leak, and all three fit the actor's broader targeting of the healthcare sector in 2016.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
TheDarkOverlord (TDO), a threat actor active in 2016, targeted three healthcare entities (Aesthetic Dentistry, OC Gastrocare, and Tampa Bay Surgery Center) in separate incidents occurring on or around October 14, 2016. The intrusions compromised sensitive patient records, but the intrusion methods and initial access vectors were not disclosed in available reports. TDO exfiltrated personal and medical data from each organization, accumulating approximately 180,000 patient records across the three breaches.

The breaches were not publicly disclosed by the affected entities until May 4, 2017, when TDO dumped the full dataset online. The dump was distributed through public channels, including Twitter, where TDO used its follower base to amplify distribution. The records contained identifiable patient information, though the specific data elements (for example, medical histories or financial details) were not enumerated in source documentation. Two of the three incidents had already been cataloged by independent breach trackers and included in Protenus's Breach Barometer industry reports before the dump. The roughly seven-month gap between compromise and public exposure suggests TDO retained the data for undisclosed purposes before releasing it.

The release of nearly 180,000 patient records was one of the largest coordinated medical data dumps at the time, directly exposing victims to identity theft and privacy violations. No evidence indicated ransomware deployment or an extortion demand preceding the dump, which distinguishes these incidents from other healthcare breaches of the same period. The affected entities faced scrutiny over compliance with U.S. Health and Human Services (HHS) breach reporting rules, as source documentation questioned whether all three breaches had been reported to regulators within the mandated 60-day window. No public confirmation of internal investigations, forensic analyses, or remediation efforts by the three providers appears in available records. TDO's actions fit its broader pattern of targeting healthcare organizations in 2016, though its motivation was not stated beyond the act of dissemination itself. The long-term consequences for patients, including potential misuse of their health data, were not quantified in source material.
