“Anonymous” Hacks Turkish Hospitals, Leaks HIV And Abortion Records

Early analysis indicates it's far worse than the Turkish government is willing to admit

Illustration: Diana Quach
May 18, 2016 at 5:59 PM ET

A self-proclaimed member of the hacktivist group Anonymous has posted the extremely personal health information of scores Turkish citizens. According to a purported sample of the leaked information, that includes patients’ HIV status and records of past abortions.

Much of the country has a stigma against both HIV patients and women who have had abortions.

In a video announcing a hack on a number of Turkish hospitals—later deleted for violating YouTube’s terms of service—a figure wearing the standard Anonymous Guy Fawkes mask says that the attack is “revenge” for recent cyberattacks against two American hospitals. He claims to have breached servers in several Turkish hospitals, downloaded a vast trove of patient medical histories, then deleted the original files from the hospital databases.

It’s a spurious claim for several reasons. Both the U.S. hospitals were victims of ransomware attacks, and while a self-proclaimed Turkish hacker group claimed they were behind at least one of those, experts doubt it—and in any case, it’s nearly impossible to prove either way. Moreover, the figure highlights just how nebulous “membership” in Anonymous is. A number of high-profile Anonymous outlets have condemned this attack, but since there is no official Anonymous, anyone can claim to be an equal in the hacktivist movement—just look at the countless self-proclaimed Anonymous supporters who support Donald Trump, a candidate largely at odds with Anonymous values of inclusiveness and distrust of the rich, for instance. The “Anonymous” user sharing the information offered no way to contact him, so it’s impossible to verify the information he presented really came from him, and not another source.

The Turkish government has, however, confirmed cyberattacks on several hospitals. In a statement provided to the Hurriyet Daily News newspaper on Wednesday, the Ministry of Health admitted cyberattacks had occurred at least three hospitals in eastern Turkey. It claimed fairly minimal damage, saying all files the hackers had deleted had been backed up—contrary to the Anonymous video, which said, “We have destroyed their servers…only we have these databases now.”

A preliminary look at the hacked files, however, indicates the attack was more severe than the Ministry of Health is willing to admit. An early analysis indicates dozens of hospitals, including the Fatih Sultan Mehmet Education and Research Hospital, one of the largest in Istanbul, were breached. And it appears to include a vast trove of information—not just the extensive medical records of patients, but also the contact and login information of hospital staff.

Turkey’s citizens are no stranger to having hackers spread their private information. One enormous database, frequently circulated online, contains the citizenship numbers, birthdays, addresses, and other information of some 72 million citizens. 

Vocativ is continuing to investigate the breach and has reached out to a number of individuals whose health information is contained in the leak. Several hospitals named in the breach did not immediately respond to Vocativ’s request for comment.

Additional reporting by Ahmet A. Sabancı