Former Bupa employee posts 1 million records for sale on dark web

The employee was fired after stealing data from the health insurer. DataBreaches.net found a dark web listing that shows the employee was selling between 500,000 and 1 million medical records.
By Jessica Davis
01:20 PM
Share
Bupa security breach

The employee of international health insurer Bupa fired for inappropriately copying and stealing the data of 108,000 customers, may have up to 1 million medical records for sale on the dark web, according to DataBreaches.net.

DataBreaches found the breach on the dark web on June 23, posted by a vendor called MoZeal.

The listing contained insurance information from 122 countries and included information like member and registration IDs, names, birthdates, all contact information and information about intermediaries.

[Also: Insider breach on global health insurance giant Bupa exposes data of 108,000 customers]

While Bupa’s Managing Director Sheldon Kenton estimated the number of breached records as 108,000, the dark web listing has more than 130,000 insurance records posted from the U.K. alone. Further, MoZeal listed between 500,000 to 1 million insurance records.

Bupa announced the breach on Thursday, which affected international health insurance policyholders. These policies are for those who frequently travel or work overseas. The data included customer information, birth dates, nationalities and other administrative data.

[Also: The biggest healthcare breaches of 2017 (so far)]

The employee was fired immediately after the breach was discovered, and the health insurer is pursuing legal action.

The dark web posting of these medical records is part of an ongoing trend, and highlights the need for better security measures. Hackers are monitoring vulnerabilities online and leveraging insiders to gain access to personal data to sell online.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn