The Surgeons of Lake County, a medical facility in the northern Illinois suburb of Libertyville, revealed last month that hackers had burrowed deeply into its computer network, infiltrating a server where e-mails and electronic medical records were stored, Bloomberg.com reported on its Tech Blog.
Unlike many other data breaches, the hackers made no attempt to keep their presence a secret.
The doctors turned the server off and notified the authorities, refusing to pay.
"This story is so ironic -- most people worry that their health records will be spread all over their local newspaper," said Dorothy Glancy, a professor at Santa Clara University's law school who specializes in digital privacy.
The Surgeons of Lake County isn't the first health care provider to be targeted by extortionists.
The incident, which was spotted by privacy blogger Dissent Doe in a federal database of health-related breaches, showcases an unsettling new strain of opportunism that is emerging as criminals try to exploit the industry's shift to digital medical records.
Until now, medical-data blackmail has been a niche crime, largely because of the difficulty and risk involved.
Security and privacy risks are also emerging with the creation of "health information exchanges," vast databases that states are setting up to handle electronic medical records.
Automated Summary from: BloombergBusinessWeek