Idaho Man Turns to RaaS to Extort Orthodontist

Robert Purbeck, 45, received a 10-year prison sentence for hacking into 19 computer servers across the US, stealing the personally identifiable information (PII) of 132,000 people, attempting to extort an orthodontist in exchange for Bitcoin, and threatening to make public the patient records he stole.

In 2017, Purbeck purchased access to a medical clinic's computer server on a cybercriminal marketplace. Using these stolen credentials, he accessed the clinic's computers and downloaded records for more than 43,000 individuals that included names, addresses, birthdates, and Social Security numbers.

Nearly a year later, Purbeck purchased credentials on the Dark Web for a police department server in Newnan, Ga., stealing documents, police reports, and sensitive information of over 14,000 people.

And in July 2018, Purbeck threatened an orthodontist he'd stolen data from, demanding a ransom in Bitcoin. He also threatened to sell the PII of the orthodontist's child, harassing the orthodontist and his patients with threatening emails and messages.

The FBI ultimately executed a federal search warrant at Purbeck's home in 2019, seizing his computers and devices. Earlier this year, he pleaded guilty to two counts of "intentionally accessing and obtaining information from a protected computer without authorization."

Alongside his prison sentence, Purbeck was ordered to serve three years of supervised release as well as pay $1,048,702 in restitution to his victims.