A HACKER HAS BEEN SELLING A MEDICAL DATABASE OF 34,000 PATIENTS FROM BRONX, NEW YORK IN BITCOINS 20.0000 (13173.80 US DOLLAR)
Last month we brought you an in-depth report on massive multiple US healthcare insurance databases of 655,000 patients which were being sold on the Dark Net. Now, the same “thedarkoverlord” hacker is selling healthcare database of more 34,000 patients from the Bronx, New York.
In the listings, the hacker revealed the database was retrieved using a 0day within the Remote Desktop Protocol (RDP protocol) that gave direct access to this sensitive information. Specifically, this RDP gave access to a desktop and while gaining access the hacker found a “Passwords.txt” style file that allowed further ”effortless” penetration of their electronic medical systems.
The data contains first name, last name, street address, emails, date of birth, city, state, zip codes, gender, work, home and cell numbers. Further analysis shows total record count is 34,621 with almost all data stolen from the Bronx-based Big Apple Ortho-Med Supply Inc.
The Dark Overlord also claims that the data is legit and never been leaked or used before and it will be sold only once in Bitcoins 20.0000 (13173.80 US Dollar). Here is a screenshot from the darknet marketplace listing:
We got in touch with Vishal Gupta, CEO of Seclore to comment on recent Healthcare Database breach and fact that they are being openly sold to anyone, according to Mr. Gupta:
“I don’t know what is worse, that hackers are continuing to successfully breach healthcare facilities or that hospitals continue to fall victim to these attacks. While the hacker is selling the information for bitcoins, healthcare records can sell for a fortune, which is why we will continue to see data breaches in the healthcare industry. A change in security standards won’t happen over night, but these organizations must take immediate and extreme precautionary measures. Implementing data-centric security measures ensure that sensitive documents are ‘protected from being accessed’ in order to avoid another costly breach.”
It’s a small wonder then that as healthcare organizations race to digitize information and patient processes, they’ve become prime targets for hackers and even malicious insiders.