A British man accused of copying patient records and threatening to sell them was sentenced to five years imprisonment by a U.S. court, reports the BBC. Nathan Wyatt, 39, operated under the aegis of hacking group "The Dark Overlord" and was also ordered to pay $1.5m in restitution to victims.
Federal prosecutors said The Dark Overlord stole medical records, client files and personal information from the US companies, then demanded between $75,000 and $300,000 (£58,000-£234,000) worth of Bitcoin to return the information.
While none of the companies paid the ransom, the conspiracy cost them due to the intrusion and release of data, according to federal prosecutor Laura Kathleen Berstein.
Wyatt was indicted in 2017 and extradited from the UK in 2019; he was already serving a jail term on unrelated blackmail and fraud convictions.
Exploiting vulnerabilities in remotely accessing computers used by vendors or employees, the hackers obtained sensitive information then offered that information for sale on "criminal forums and marketplaces," the indictment said. They also threatened to release the information in a series of emails, text messages and voicemails in June and July of 2016 unless the companies paid ransom in the cryptocurrency bitcoin, the indictment said.
In a July 17, 2016, text message to the daughter of the owners of the Farmington company, the hackers wrote, "by the way did your daddy tell you he refused to pay us when we stole his company files in 4 days we will be releasing for sale thousands of patient info. Including yours…," the indictment alleged.