Share this article on:
Over the course of the past few weeks there have been huge data dumps from historic cyberattacks on LinkedIn, MySpace, and Tumblr. More recently, over 33 million hacked Twitter accounts were listed for sale online. These accounts are believed to have been hacked using the credentials obtained in the LinkedIn breach.
Given the number of healthcare data breaches that have occurred over the past few years, it is to be expected that some of these data will be listed for sale on underground forums as hackers look to turn data into cash. However, three large healthcare databases have just been listed for sale online which do not appear to have come from historic healthcare data breaches.
655,000 Healthcare Records Listed for Sale from Recent Unreported Data Breaches
The data appear to have come from three separate breaches. The hacker who listed the data for sale has indicated there will be more to come. The batches of data currently being offered for sale total 655,000 patient records.
The data have been listed for sale by the hacker “TheDarkOverlord” who claims the data have been stolen in cyberattacks on three healthcare organizations, one in Farmington, Missouri, one in Atlanta, Georgia, and one from the Central/Midwest United States. The posting is accompanied by screenshots to prove the intrusions and data are genuine.
As with the LinkedIn and MySpace breaches, the data have been listed for sale on the darknet marketplace TheRealDeal.
The three databases have been listed separately and the hacker has claimed he will only sell one copy of each. The total price for all three databases is 1063.72 Bitcoin – Approximately $682,110. However, he also claims to have already sold a batch of Blue Cross Blue Shield members’ data from the Atlanta database for $100,000. The hacker is also trying to obtain payment from the healthcare organizations that were hacked. The names of those organizations have not been disclosed.
The stolen data include patients’ and plan members’ names, addresses, dates of birth, email addresses, and Social Security numbers – all the data needed by cybercriminals to commit identity theft.
The Farminton, MO., database contains 47,864 patient records and was stolen from a Microsoft Access database maintained by a healthcare provider. The hacker claims to have obtained the data using “readily available plaintext usernames and passwords.”
The database from the central/Midwest region includes 207,572 patient records. The hacker claims to have gained access to the network using plaintext usernames and passwords, and reports that the organization had a severely misconfigured network.
The Georgia data includes 396,458 patient records and was similarly obtained using readily available plaintext usernames and passwords. This database contains a large number of records of Blue Cross Blue Shield and United Healthcare members and was stolen from an accessible internal network.
Remote Desktop Protocol Exploited
The hacker says he obtained all of the data by exploiting Remote Desktop Protocol (RDP). RDP is used by tech support companies to remotely access computers to perform maintenance and resolve computer issues. The hacker claims to have gained access to the systems and moved through the network until he “got to the juicy machines running their electronic health systems.”
He also issued a statement saying, “Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”