
Cyber Incident Victim: Austin Manual Therapy Associates

Date: Oct 2017

Location: United States of America

Summary

Austin Manual Therapy Associates, a physical therapy provider in Texas, experienced a data breach involving unauthorized access to sensitive patient information by the cybercriminal group TheDarkOverlord. The compromised data included protected health information, clinical details, and insurance authorization records for named patients. The attackers publicly referenced the intrusion through social media taunts and attempted extortion, though the victim organization did not publicly acknowledge the incident or respond to the hackers' demands. The breach exposed personal and medical data and highlights the risk of unauthorized disclosure, although neither the intrusion method nor the total number of affected individuals was confirmed.


Description

On or around October 4, 2017, the hacking group TheDarkOverlord (TDO) publicly alluded to compromising Austin Manual Therapy Associates (AMTA), a physical therapy practice with two locations in Austin, Texas. TDO’s initial tweet warned, "Are you a cardiologist in Miami, FL? How about a physical therapist in Austin, TX? Watch out," followed by a direct reference to AMTA on October 11: "Austin Manual Therapy Association from Texas, how’s your response coming along?" TDO claimed in an encrypted chat with DataBreaches.net that AMTA did not respond to their demands, though the specific nature of those demands and initial contact timeline remained undisclosed. DataBreaches.net confirmed TDO provided sample exfiltrated data, including a file labeled "No Response Patients" containing protected health information (PHI), UnitedHealthcare insurance authorization records for named patients, and clinical details about individuals. AMTA’s website showed no breach notification at the time, and the practice did not respond to multiple inquiries from DataBreaches.net over the preceding week.


The compromised data included sensitive patient information such as insurance authorizations and clinical records, indicating a breach of PHI. While the exact number of affected patients and the intrusion method were not disclosed, the presence of structured clinical and insurance files suggested access to internal systems. TDO’s history of targeting healthcare entities implied potential extortion attempts, though AMTA’s lack of public engagement left its response actions unverified. The incident’s public disclosure relied solely on TDO’s claims and provided evidence, as no official statement or HIPAA breach report from AMTA was observed at the time of reporting. DataBreaches.net noted the likelihood of mandatory reporting to the U.S. Department of Health and Human Services (HHS) under HIPAA rules, which would typically require notification within 60 days. The breach occurred amid a series of TDO-linked healthcare hacks, underscoring persistent threats to patient data security from targeted cyber intrusions.
