Stolen Data Found on Dark Web by New Security Startup

You have been attacked by hackers and they have stolen your data, but how can you tell? According to a new security start-up, discovering that breached healthcare data has been posted online can be very quick: Terbium Labs has developed a method of identifying stolen data within minutes of it appearing on the web.

CEO of Terbium, Danny Rogers, along with CTO, Michael Moore, believe they have developed a system that takes “a large scale, computational approach to finding pilfered data,” and allows stolen data to be identified faster and more securely than was previously possible.

Reducing the Risk of a HIPAA Data Breach


In order for a company to identify stolen data, it must first be provided with the confidential records it needs to search for. This naturally involves some risk. As the past few weeks have shown, passing data to Business Associates increases the exposure to a data breach; the recent Medical Management LLC incident is a good example.

Terbium’s new product, called Matchlight, uses an innovative method of identifying data while limiting what Terbium has to hold on behalf of a HIPAA-covered entity: Terbium does not need to know the plaintext of the data it is searching for.

The company breaks a healthcare provider’s data into tiny fragments – some as small as 14 bytes – and computes a hash of each fragment. It is these hashes, not the underlying data, that Matchlight searches for. The hashes are compared against Terbium’s global and private index of dark web sites, with the software probing all the nooks and crevices of the “Dark and Deep Web” where stolen data is likely to be hosted.

According to Rogers, the index is compared with the hashed fragments, “which is a way for us to automatically search for an element of the company’s data without actually knowing what that data is.” He goes on to say, “So this [Matchlight] allows them to search for things without having to reveal what those things are.”

8 Months of Searching Performed in a Matter of Minutes


The main advantages of Matchlight are its extensive search coverage and the speed with which data can be assessed. Hackers and cybercriminals are using obscure dark web sites – including hidden Tor websites – to post stolen data, and Terbium claims to be able to probe these deep and dark recesses of the internet and identify posted stolen data fast. How quickly? In just a matter of minutes!

Matchlight is not the only product on the market that can search for stolen data, but in terms of speed Terbium says nothing else compares: traditional discovery methods often take between 6 and 8 months to comprehensively scan for stolen data.

For all intents and purposes, Matchlight works like a faster and more comprehensive search engine, using its spiders to crawl web pages and collect content. Crawled content is fragmented and hashed in the same way as the provider’s records, and any fragment hash that also appears in the index counts as a hit. The hits for a document are combined into a score, and that score tells the company how likely it is that the posted data comes from a particular source.
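The mechanism described above, in which short fragments of each record are hashed, a third party holds only the hashes and an opaque record identifier, and crawled text is fragmented and hashed the same way so that matches can be scored, is shown below as an added example. This is illustrative code written for this article, not Terbium’s Matchlight implementation: the fragment size, the SHA-256 choice, the whitespace/case normalisation, the scoring rule (fraction of a record’s fragments seen in a document) and the sample records and pastes are all assumptions, and the patient data is constructed.

```python
"""Toy fingerprint index: hash small fragments of sensitive records, then match
hashes of crawled text against them without the matcher holding any plaintext.
Illustrative only; it is not Terbium's Matchlight implementation."""
from __future__ import annotations

import hashlib
from collections import Counter

# Fragment size: the article mentions fragments "as small as 14 bytes".
FRAGMENT_LEN = 14


def normalize(text: str) -> bytes:
    """Lower-case and collapse whitespace so a reflowed or re-cased paste
    still yields the same fragments as the original record."""
    return " ".join(text.lower().split()).encode("utf-8")


def fragment_hashes(text: str, n: int = FRAGMENT_LEN) -> set[str]:
    """SHA-256 of every n-byte sliding window of the normalised text.
    Texts shorter than n are hashed whole so short fields still fingerprint."""
    data = normalize(text)
    if not data:
        return set()
    if len(data) < n:
        return {hashlib.sha256(data).hexdigest()}
    return {hashlib.sha256(data[i:i + n]).hexdigest()
            for i in range(len(data) - n + 1)}


def build_index(records: dict[str, str]) -> tuple[dict[str, set[str]], dict[str, int]]:
    """Map fragment hash -> ids of records containing it, plus each record's
    fragment count. The index carries only hashes and opaque ids, so it can
    be handed to a third-party scanner without disclosing the records."""
    index: dict[str, set[str]] = {}
    sizes: dict[str, int] = {}
    for rid, text in records.items():
        hashes = fragment_hashes(text)
        sizes[rid] = len(hashes)
        for h in hashes:
            index.setdefault(h, set()).add(rid)
    return index, sizes


def score_document(doc: str, index: dict[str, set[str]],
                   sizes: dict[str, int]) -> dict[str, float]:
    """Fraction of each record's fragments that appear in the crawled text:
    1.0 means every fragment was seen, 0.0 means none."""
    hits: Counter = Counter()
    for h in fragment_hashes(doc):          # same fragmentation as the records
        for rid in index.get(h, ()):
            hits[rid] += 1
    return {rid: (hits[rid] / n if n else 0.0) for rid, n in sizes.items()}


def matching_records(doc: str, index: dict[str, set[str]],
                     sizes: dict[str, int], threshold: float = 0.5) -> list[str]:
    """Record ids whose score meets the threshold, highest score first."""
    scores = score_document(doc, index, sizes)
    found = [rid for rid, s in scores.items() if s >= threshold]
    return sorted(found, key=lambda rid: -scores[rid])


# Constructed sample records (hypothetical patients, not real data).
RECORDS = {
    "patient-0001": "Jane Doe, 1962-04-11, MRN 4478812, 123 Main St",
    "patient-0002": "Robert Roe, 1975-09-30, MRN 9913370, 77 Oak Ave",
}
# Constructed stand-in for a crawled paste: one record leaked verbatim.
SAMPLE_PASTE = ("Fresh hospital dump, enjoy:\n"
                "Jane Doe, 1962-04-11, MRN 4478812, 123 Main St\n"
                "more coming soon")
# Constructed partial leak: only the tail of the same record.
PARTIAL_PASTE = "MRN 4478812, 123 Main St"

if __name__ == "__main__":
    idx, sizes = build_index(RECORDS)
    print(score_document(SAMPLE_PASTE, idx, sizes))
    print(matching_records(SAMPLE_PASTE, idx, sizes))
    print(score_document(PARTIAL_PASTE, idx, sizes))
```

The scanner side of this design only ever sees hashes and the opaque `patient-0001` style identifiers; mapping a hit back to a real record is done by the data owner, who keeps the plaintext. One caveat a practitioner should keep in mind with any scheme of this shape: an unkeyed hash of a 14-byte fragment drawn from a structured field (a date, a phone number, a short name) can be recovered by hashing candidate values, so the hashes pseudonymise the data rather than encrypt it, and the protection is only as strong as the unpredictability of the fragments.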

This is important. With so many data breaches now occurring, and patients being affected by breaches from multiple sources, identifying posted data as coming from a particular healthcare provider is vital. It will become even more important over the coming months and years as more data breaches are reported. Determining how patient data got onto the dark web could have major implications for future civil lawsuits for damages.

In addition to the dark web, Matchlight also trawls through sites known to be used by hackers to post links to data: Twitter, Pastebin and Reddit for example.

Rapid Identification of Data Theft Speeds up the Breach Response


Once data is located, that information is relayed to the healthcare provider, who can initiate an investigation and start the breach response process. Terbium returns only the unique fingerprint ID of the matched hash; the healthcare provider maps that ID back to the original record in its own systems to determine where the data came from. Because this mapping is performed by the provider and not by Terbium, no confidential data is disclosed.

According to Rogers, on the first day the system was run it discovered over 20,000 stolen credit card numbers and 600 leaked email addresses and passwords. Rogers said “Both sets of data were detected minutes after being posted.”

A number of blue chip companies, healthcare providers and financial institutions are now beta testing the product. In the next few weeks a new pricing structure will be announced. The product is expected to be priced on “a flat rate based on data volumes or the number of records monitored,” according to Terbium.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.