Former Bupa employee posts 1 million records for sale on dark web

The employee was fired after stealing data from the health insurer. DataBreaches.net found a dark web listing that shows the employee was selling between 500,000 and 1 million medical records.
By Jessica Davis
01:20 PM
Bupa security breach

The employee of international health insurer Bupa fired for inappropriately copying and stealing the data of 108,000 customers, may have up to 1 million medical records for sale on the dark web, according to DataBreaches.net.

DataBreaches found the breach on the dark web on June 23, posted by a vendor called MoZeal.

The listing contained insurance information from 122 countries and included information like member and registration IDs, names, birthdates, all contact information and information about intermediaries.

Learn on-demand, earn credit, find products and solutions. Get Started >>

[Also: Insider breach on global health insurance giant Bupa exposes data of 108,000 customers]

While Bupa’s Managing Director Sheldon Kenton estimated the number of breached records as 108,000, the dark web listing has more than 130,000 insurance records posted from the U.K. alone. Further, MoZeal listed between 500,000 to 1 million insurance records.

Bupa announced the breach on Thursday, which affected international health insurance policyholders. These policies are for those who frequently travel or work overseas. The data included customer information, birth dates, nationalities and other administrative data.

[Also: The biggest healthcare breaches of 2017 (so far)]

The employee was fired immediately after the breach was discovered, and the health insurer is pursuing legal action.

The dark web posting of these medical records is part of an ongoing trend, and highlights the need for better security measures. Hackers are monitoring vulnerabilities online and leveraging insiders to gain access to personal data to sell online.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

More regional news

Lifestyle Medical’s RPM program shows improved outcomes during pandemic

Lifestyle Medical Founder Dr. Wayne Dysinger and one of his patients in one of the practice’s unusual consulting rooms.

By

"The system either queries the expert to diagnose the patient based on their chest X-ray and medical records, or makes the diagnosis itself by solely looking at their X-ray," CSAIL researchers explain.

By
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.