Idaho Man Gets 10 Years for Threatening Doctor with Leak of His Own Child’s Data, Hacking Clinics, and More

An Idaho man was sentenced this week to 10 years in prison for hacking into the servers of healthcare and state departments across the United States, stealing personal data belonging to more than 132,000 people, and attempting to extort a Florida orthodontist by threatening to leak’s his own child’s personal data online.

In 2017, 45-year-old Robert Purbeck, a resident of Meridian in the US state of Idaho, ventured onto the darknet to buy access credentials for company servers to steal sensitive data. It began with the server of a medical clinic in Griffin, Georgia.

He accessed the clinic’s database and copied 43,000 records containing sensitive personal information, including names, addresses, birth dates, and social security numbers.

One hack after another

In 2018, he was at it again. He purchased access to a police department in Newnan, Georgia. He used the stolen credentials to hack into the department’s servers to extract police reports and other documents, including the personal data of some 14,000 people.

That same year, Purbeck tried to extort a Florida orthodontist, demanding a Bitcoin ransom payment in return for his stolen patient files. He threatened to sell the patient's personal information unless the orthodontist paid the ransom.

The hacker went so far as to threaten the orthodontist with selling his own child’s personal data.

“Purbeck harassed the orthodontist and his patients for 10 days with numerous threatening emails and text messages,” according to the US Justice Department.

More than 400 victims

In 2019, the FBI knocked on Purbeck’s door and executed a federal search warrant, seizing multiple computers and electronic devices that contained personal information of over 132,000 individuals, obtained through several data breaches.

According to the DOJ, Purbeck's cyber fraud conspiracy victimized over 400 people across the United States.

Personal records, especially healthcare records, fetch handsome sums on hacker forums where fraudsters eagerly buy stolen data for socially engineered scams,

Purbeck pleaded guilty in March to two counts of intentionally accessing and obtaining information from a protected computer without authorization. The press release doesn’t mention any counts of extortion. He will spend the next 10 years behind bars, the DOJ says.

In addition to his prison term, Purbeck will also serve three years of supervised release and has been ordered to pay $1 million in restitution to his victims.

Protect your data

Last week, a Nigerian national was sentenced to 10 years in prison for robbing people of their life’s savings by hacking the emails of their real estate agents and swapping bank accounts, the DOJ announced. The story offered a clear example of why small and medium-sized organizations – like those hacked by Purbeck – should take cybersecurity more seriously.

Read: How Scammers Stole $20 Million by Hacking Emails of Real Estate Agents – Here’s Why Small Firms Must Take Cybersecurity Seriously

Bitdefender strongly recommends that small organizations deploy dedicated security software to limit the chances of a successful breach.

Bitdefender Ultimate Small Business Security, an extended version of our consumer-friendly security suite, includes malware detection, ransomware prevention, email protection, account breach protection, scam protection, and VPN. Thanks to a natural, intuitive dashboard designed for use even by non-techies, it can be administered by anyone in your organization.

To see it in action, visit https://www.bitdefender.com/en-us/consumer/small-business-security.

If you've been affected by a data breach, consider a data monitoring service like Bitdefender Digital Identity Protection to find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is for sale to fraudsters on the dark web.