A 45-year-old hacker named Robert Purbeck was sentenced to 10 years in prison for attacking several U.S. healthcare companies, breaching their systems, stealing sensitive information, and trying to extort from them. Purbeck is an IT expert who previously worked for Ada County in Idaho. He hacked no less than 19 companies from 2017 to 2018 and the personal information of over 132,000 people. Purbeck, whose nicknames are Lifelock and Studmaster, acquired access to victims’ systems utilizing stolen credentials bought on darknet marketplaces including AlphaBay. He accessed and exfiltrated sensitive information and required ransom payments to stop the exposure of the stolen information.
Purbeck’s first victim from the U.S. was Family Medical Center located in Griffin, Georgia. He bought credentials that permitted him to get access to the medical clinic’s system in June 2017 and committed a HIPAA violation by stealing the protected health information (PHI) of over 43,000 people, which included names, birth dates, addresses, and Social Security numbers. In February 2018, Purbeck purchased credentials from the darknet and used them to access the server of a Newnan, GA-based Police Department, and stole police files that contained the sensitive data of about 14,000 people.
In July 2018, Purbeck used stolen credentials to access a Florida orthodontist’s network and stole the information of about 1,800 patients. Purbeck issued a ransom demand to Simon Orthodontics to stop the leakage of the stolen information, which included the PHI of the orthodontist’s child. Then Purbeck sent emails and text messages to the orthodontist and his patients to compel the practice into giving the ransom payment. Purbeck’s other victims were Andrea Yaley, Holland Eye Care in Michigan, and DDS in California.
The Federal Bureau of Investigation (FBI) Atlanta Field Office’s investigation identified Purbeck as a suspect in an investigation on August 21, 2029. Searching his Meridian, Idaho property or home led to finding several computers and electronic gadgets. After analysis of the devices, the FBI found the data files of 132,000 people that were stolen from 19 U.S. victims. Purbeck was accused in an 11-count indictment, and although he at first argued the charges, Purbeck pleaded guilty in March 2024 to two counts of deliberately accessing and acquiring data from a protected computer. In November 2024, Purbeck was sent to jail for 10 years then 3 years of monitored release. He is also required to pay $1,048,700 million in compensation to his victims. Purbeck filed an appeal regarding the guilty plea and sentence.