Why Did The Peachtree Orthopedics Breach Occur?

In September 2016 Peachtree Orthopedics announced that it had suffered a massive data breach. According to a December 2016 WSB-TV Investigative Report, the cyberattack on Peachtree Orthopedics put approximately 531,000 people at risk of identity theft. The number of stolen medical records makes this the largest medical data hack in Georgia during 2016. In fact, the extensive breach currently ranks as the 6th worse in the country for the number of people who are now at risk for identity theft. Peachtree Orthopedics has been cooperating with local and national authorities to try and mitigate the risks associated with the data breach; however, many of the affected individuals are still reeling from the shock of the data breach.

What Do The Hackers Have To Say About The Data Theft?
“The Dark Overlord” has taken responsibility for the theft. It appears from a recent press release that the hacking group was hoping to hold the data hostage for a set payment. However, as of December 2016, Peachtree Orthopedics had declined to pay the ransom. According to a press release from the hackers who stole the data, “It all began many months ago when we acquired [approximately] 543k patient records which contain both PII and PHI – well before the date of breach notice and alleged date of breach. [Approximately] 543,879 records for anyone counting. Oh, the things one could do with so much data! Some of you have been so kind as to suggest what to do with it all (Hello, ICIT!).”

It appears that the hackers were able to access the sensitive data via stolen login credentials. While the authorities are still determining how the login credentials were compromised, IT security experts believe that the hackers might have used a phishing scam. A typical phishing scam will use a fraudulent email that encourages the receiver to “click here to verify account information,” or to “download a password reset form due to unauthorized account information.” Once the reader has clicked on the link, or downloaded the file, the hackers will have gathered the information necessary to infiltrate the secure network.

No matter whether the hackers used a phishing scam to steal the login credentials, or another form of infiltration, one thing is certain — the hackers wreaked havoc once they gained access to Peachtree Orthopedics’ network. Upon entering the network the hackers were able to steal approximately 531,000 medical records before the breach was discovered and stopped. The reason for the theft is simple: money. Credit card records trade for under one dollar on the “Cyber Black Market,” however, medical records can trade for up to five dollars. In simple financial terms, this means that the hacking group might sell the confirmed 531,000 stolen records for approximately $2,655,000.

What Lessons Can Be Learned From The Peachtree Orthopedics Breach?
All businesses should learn from the Peachtree Orthopedics data breach. The lesson is clear: the necessary precautionary measures must be implemented if businesses are to protect their data, as well as the personal information of their customers, clients, and vendors. Only through the appropriate security protocols can businesses remain one step ahead of data hackers and cyber criminals. Contact ✅ IT Services By Colorado Computer Support located in Colorado Springs via blake@coloradosupport.com or (719) 355-2440 to take the IT security steps needed to protect your business today!