Dark OverLord Group Attacked SMART Physical Therapy

by | Oct 2, 2017

Hacking group TheDarkOverlord, after an apparent period of inactivity,  has claimed responsibility for another successful attack on a U.S. healthcare supplier. This time the victim was Mass-based SMART Physical Therapy (SMART PT).

The announcement of the data theft was disclosed by TDO on Twitter on Friday 22, 2017, with the hack reportedly happening on September 13, 2017.  No details about how access to the data was gained were provided,  although it was confirmed to databreaches.net that the attack took advantage of the use of weak passwords. The entire database of patients was reportedly obtained.

Databreaches.net was provided with the information held on the patient database and has confirmed that the attack is genuine. The database included a wide variety of data on 16,428 patients, including patients contact details, dates of birth and Social Security numbers.

A demand for payment in Bitcoin was reportedly sent to SMART PT as part of an extortion attempt. SMART PT spokesperson Joanne Ponte confirmed to databreaches.net that they refuse to communicate with criminals and give into extortion or ransom demands.

TDO was ro blame for many hacking attacks on healthcare providers over the past two years, including Ca-based Dougherty Laser Vision, Little Red Door Cancer Services of East Central Indiana, Hand Rehabilitation Specialists, Tampa Bay Surgery Center, OC GastroCare, Aesthetic Dentistry and Athens Orthopedic Clinic, among others. In a few cases, the failure to respond to emails and the refusal to give in to the extortion demands has resulted in patient data being made publicly available online.

Since the ransomware attack only occurred recently, the scam has yet to be made known to the Department of Health and Human Services’ Office for Civil Rights and patients have not yet been provided with details of the breach. SMART PT is currently reviewing what happened and is following its internal breach response protocol.

Further information on the incident can be seen here.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy