Cyber Incident Victim: Adult Internal Medicine of North Scottsdale
Date: Jul 2017
Location: United States of America
Summary
The healthcare entity Adult Internal Medicine of North Scottsdale experienced a network server breach attributed to TheDarkOverlord, a hacking collective known for targeting medical organizations. The attackers attempted extortion by demanding ransom for stolen patient data, subsequently providing a sample of records to a cybersecurity outlet when their demands were unmet. The incident compromised information of 11,798 individuals, with delayed public disclosure occurring after initial private awareness of the intrusion.
Description
The breach involving Adult Internal Medicine of North Scottsdale was publicly disclosed in a notification submitted to the U.S. Department of Health and Human Services (HHS), which listed the incident as occurring on or around July 1, 2017. The hacking incident affected 11,798 patients and was categorized as a network server compromise. The attacker, identified by the pseudonym TheDarkOverlord (TDO), a hacking collective active in targeting healthcare entities since March or April 2017, claimed responsibility for the intrusion. TDO contacted DataBreaches.net in July 2017, asserting they had breached the medical practice’s systems, attempted to extort the organization, and threatened to release patient data publicly if their demands were unmet. At the time, TDO provided a sample of patient records to DataBreaches.net to substantiate their claim but declined to furnish additional evidence when pressed for verification. The medical practice, led by Dr. Jay Friedman, did not publicly confirm or deny TDO’s assertions during initial outreach by DataBreaches.net in July, and no breach notification appeared on the practice’s website as of the article’s publication date.

The HHS breach report, published after the incident, did not explicitly attribute the attack to TDO or reference extortion attempts, reflecting the agency’s standard reporting format, which lacks specific codes for ransomware or extortion-related incidents. The breach’s impact was confined to unauthorized access to patient data stored on the practice’s network server. TDO’s pattern of behavior mirrored prior incidents, including their breach of Hand Rehabilitation Specialists, where they similarly attempted extortion before leaking data after failed negotiations. Adult Internal Medicine of North Scottsdale’s delayed public disclosure, occurring months after TDO’s initial July claims, aligned with the collective’s tactic of pressuring victims through threats of data exposure. No further communication from TDO regarding this specific breach occurred after July 22, 2017, and no large-scale data dump was reported following the initial sample leak. The practice’s breach notification to HHS marked the only official acknowledgment of the incident at the time of reporting.
