Millions of patient records reportedly for sale on the dark web after ransom demand

Unique copies of the records – apparently stolen from three large health organizations and a U.S. insurance company – are being offered for as much as $485,000 worth of bitcoin, according to the website DeepDotWeb.
By Jessica Davis
03:06 PM

The healthcare records of some 655,000 patients are allegedly being sold on the dark web for 151 to 607 bitcoins or $100,000 to $395,000, according to the website DeepDotWeb.

In an encrypted Jabber conversation, a hacker using the handle "thedarkoverlord" explained to the website that a flaw – discovered in the way companies use remote desktop protocols – was exploited to steal the patient records from three healthcare databases.

The hacker redacted all identifiable information when he or she shared images of the breach with the website, "so the target company can remain anonymous for now."

He or she claims to have accessed 397,000 of the patient records from the internal network of a large database in Georgia; 210,000 patient records from a database somewhere in the Midwest (retrieved from a "severely misconfigured network"); and 48,000 records are from Farmington, Missouri. The hacker is selling a unique one-off copy of each of the three databases.

According to the website Motherboard, the hacker had threatened each organization with a ransom demand -- calling it a "modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims."

The hacker told the website he’s already sold $100,000 worth of records from the Georgia organization.

"Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer," the hacker told DeepDotWeb.


On June 28, DeepDotWeb reported that the number of records said to be for sale on the dark web had skyrocketed to 9.3 million, after the same hacker, "thedarkoverlord," claims to have accessed the database of a healthcare payer. The records are said to include names, addresses, email, phone numbers, birthdates and social security numbers.

"This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States," the hacker wrote on the page where the records were placed for sale. "It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information."

The database is being sold for 750 bitcoins, or about $485,000. The hacker told DeepDotWeb that he or she attempted to contacted the breached organizations, but it declined to respond. When asked about more leaks in the future, he or she said: "We're just getting started."

Twitter: @JessieFDavis
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.