Millions of Health Records Reportedly Appear for Sale on Dark Web

Two days after reporting that 655,000 healthcare records were found for sale on the dark web, the site DeepDotWeb said today that another insurance database with at least 9.3 million patient records is being shopped around by an anonymous hacker.

Over the weekend, a hacker using the name "thedarkoverlord" was offering for sale records taken from databases managed by three healthcare organizations in Missouri, Georgia and the Midwest, according to the site. The hacker, who was seeking payment in Bitcoins with a value ranging from around $100,000 to $395,000, reportedly told DeepDotWeb, "There is a lot more to come."

That same hacker appeared again today on a dark web market with an offer to sell another database with more than 9.3 million patient records for 750 Bitcoins, valued at around $485,000. The hacker's market listing claimed the plaintext data belonged to "a large insurance healthcare organization in the United States."

'Very Particular' Zero-Day Exploit

According to DeepDotWeb, the hacker selling the healthcare data claimed the information was accessed through a zero-day vulnerability in the Remote Desktop Protocol (RDP) used to connect devices across a network. A proprietary protocol developed by Microsoft for Windows-based applications, RDP provides users with a graphical interface for managing computer-to-computer communication.

Speaking with DeepDotWeb via Jabber over the weekend, thedarkoverlord reportedly said he was able to access the healthcare records due to "an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it."

As business records have become increasingly digitized and network-connected, the risks of breaches, thefts and data losses have grown. Healthcare data in particular offers the potential for hackers to profit via ransomware or fraudulent claims.

"[W]e have seen how all kinds of illegal goods are traded through black market digital sites, some...

Comments are closed.