Mental Health Histories and Therapy Session Notes of 3,000+ Patients Sold On Darknet
Databreaches.net has discovered a healthcare data breach of more than 3,000 records. Those records appear to have been sold by the hacker responsible for the attack via a darknet marketplace. The records contained health and mental health histories and therapy session notes from 2007 to present.
In total, more than 4,500 patient records were obtained by the hacker, which related to ‘3,000-3,500’ unique individuals. The records included names, addresses, phone numbers and employer details along with SSNs, dates of birth and the names of patients’ physicians.
Worse still, the records contained complete family histories, details of substance abuse, legal histories, health and mental health histories, and detailed ‘complete’ notes of therapy sessions spanning several years.
The individual responsible for stealing the information listed the records for sale on a darknet marketplace advising potential buyers that the records contained “Everything confessed/discussed in complete privacy is in here for thousands of patients.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The complete set of data was listed for sale for a minimum price of $10,000 and was allegedly sold to one individual. The seller suggested the records could be sold back to the organization from where they were stolen.
It is not clear how the records were stolen, although the seller claims the healthcare organization had ‘not-so-great network security. Databreaches.net was able to identify the source of the data and alerted the organization – Behavioral Health Center in Bangor, Maine. The health center has launched an investigation into the breach and will notify affected patients in due course.
