Robert Purbeck, a 45-year-old Idaho resident, was recently sentenced to a decade in prison for hacking into at least 19 organizations, stealing personal data from over 132,000 individuals, and engaging in multiple extortion attempts.
What happened
Purbeck, operating under aliases like ‘Lifelock’ and ‘Studmaster,’ conducted cyberattacks targeting organizations across the U.S. Between 2017 and 2018, he purchased unauthorized access to servers on darknet marketplaces, allowing him to steal sensitive data and demand ransoms.
In 2017, he accessed a Georgia medical clinic’s server and exfiltrated the personally identifiable information (PII) of 43,000 individuals. The following year, he infiltrated a police department server in Georgia, stealing reports and personal information from 14,000 individuals. Purbeck targeted a Florida orthodontist by mid-2018, threatening to sell stolen patient files unless paid a ransom.
Authorities apprehended him in 2019, finding data from 132,000 individuals on his devices. He pleaded guilty in March 2024 to unauthorized computer access, receiving a 10-year prison sentence, three years of supervised release, and an order to pay over $1 million in restitution.
What was said
“During the search, the FBI seized multiple computers and electronic devices, which contained personal information of over 132,000 individuals, obtained through Purbeck’s numerous data breaches,” the U.S. Justice Department stated in a press release.
By the numbers
- 19 organizations targeted in cyberattacks.
- 43,000 individuals’ data stolen from a medical clinic.
- 14,000 victims from a Georgia police department breach.
- Over $1,048,700 was ordered in restitution payments to victims.
Why it matters
Cybercriminals are continually exploiting vulnerable systems for personal gain. With healthcare and law enforcement agencies frequently targeted, providers must improve their cybersecurity.
The bottom line
Healthcare organizations must use proactive cybersecurity measures like encrypted communication and regular security audits to mitigate the risk of potential data breaches.
Learn more: HIPAA Compliant Email: The Definitive Guide
FAQs
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets standards for safeguarding protected health information (PHI).
Who must comply with HIPAA?
HIPAA applies to healthcare providers, health plans, healthcare clearinghouses, and their business associates.
What is a data breach?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
