A hacker claims to have stolen close to 10 million patient records and is selling them for about US$820,000.
Over the weekend, the hacker, called thedarkoverlord, began posting the sale of the records on TheRealDeal, a black market found on the deep Web. (It can be visited through a Tor browser.)
The data includes names, addresses, dates of birth, and Social Security numbers – all of which could be used to commit identity theft or access the patient’s bank accounts.
These records are being sold in four separate batches. The biggest batch includes 9.3 million patient records stolen from a U.S. health insurance provider, and it went up for sale on Monday.
The hacker used a little-known vulnerability within the Remote Desktop Protocol to break into the insurance provider’s systems, he said in his posting on the black market site.
The three other batches cover a total of 655,000 patient records, from healthcare groups in Atlanta, Georgia, Farmington, Missouri, and another city in the Midwestern U.S. The hacker didn’t give the names of the affected groups.
To steal these patient records, the hacker used “readily available plain text” usernames and passwords to access the networks where the data was stored, according to his sales postings.
Using an online message sent through the market, thedarkoverlord declined to answer any questions unless paid. The hacker wants a total of 1,280 bitcoins for the data he stole.
Healthcare providers and insurance companies are witnessing more hacking attacks as more of their data goes digital. In December 2014, cybercriminals targeted Anthem, one of the largest health insurance companies in the U.S., and made off with records belonging to as many as 80 million people.
Healthcare providers are seen as especially vulnerable to cyberattacks because they haven’t invested as much in IT security, according to experts.