Healthcare Informatics Magazine

Hacker Claims to be Selling 655,000 Patient Records from Three Hacked Hospitals, Media Reports Say

June 28, 2016
by Heather Landi

A hacker claims to have 655,000 patient records allegedly obtained by hacking into three separate healthcare databases and is selling those patient records on the dark web marketplace, according to a report originally published by news site DeepDotWeb.

According to the DeepDotWeb article, posted Saturday, the hacker communicated with the site’s writers via an encrypted conversation. While it has not been verified whether any healthcare organizations have actually been hacked, the hacker provided the media site with images of the database hack from their internal network. The screenshots show healthcare databases that expose sensitive patient information, including full names, addresses, dates of birth, Social Security numbers and other information, although the information in the screenshots has been blurred.

The hacker claims to have three separate healthcare databases from healthcare organizations in Farmington, Missouri, an undisclosed location in Central/Midwest U.S. and one in Georgia, and is allegedly selling the databases on a dark web marketplace.

The DeepDotWeb article quotes the hacker as providing this information about the databases:

“A considerably large database (48,000 patient records) in plaintext from a healthcare organization in Farmington, Missouri. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”

“A very large database (210,000 patients) in plaintext from a healthcare organization in the Central/Midwest U.S. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”

“A very large database (397,000 patients), in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”

Motherboard published an article on Sunday stating that the hacker goes by the handle “thedarkoverlord,” and it appears the hacker is demanding a ransom from the healthcare organizations.

Motherboard writer Joseph Cox wrote, “Thedarkoverlord has decided to not name the organizations, as he has threatened each with a ransom demand.”

In the article, Cox quotes the hacker as stating, “A modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims,” and then notes that the hacker “claims to have already sold $100,000 worth of records from the Georgia dump.”

“‘Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically,’ he said,” the Motherboard article stated.

Cox also wrote that Motherboard was provided with a sample of just under 30 patient records from the alleged Georgia database hack.

According to the DeepDotWeb article, the hacker allegedly used “an exploit in how companies use RDP” (remote desktop protocol). The article quotes the hacker as stating, "It is a very particular bug. The conditions have to be very precise for it."

In the Motherboard article, Cox wrote, “The hacker claims he obtained each database in roughly the same way each time via an unknown vulnerability in remote desktop protocol, which allows (usually) authorised parties to control computers for things such as tech support. From here, thedarkoverlord claims he moved throughout the network ‘until I got to the juicy machines running their electronic health systems.’”

Bob Ertl, a senior director at Accellion, a cloud solutions vendor, says this latest breach incident highlights “just how critical the cybersecurity problem has become for the healthcare industry.”

“Unfortunately, the reality is that as long as medical information can sell on the black market for ten times or more than the value of a credit card number, the healthcare industry is going to have a target on its back,” Ertl says.

“Healthcare organizations just have to do a better job at securing protected health information (PHI),” he says.

Vishal Gupta, CEO of Seclore, says news of the hack “is a poignant reminder of just how valuable healthcare information is on the black market.”

“According to the hacker, some of the healthcare records have already sold for $100,000. To put that in perspective, the individual behind the LinkedIn breach tried to sell 117 million compromised passwords for only $2,200. When all is said and done, this breach could net upwards of a half a million dollars, which is why healthcare organizations are so heavily targeted by cybercriminals.”

He added, “Until companies are able to reduce the value of their sensitive information by applying persistent data-centric security solutions, the healthcare industry will continue to be every hacker’s favorite cash cow.”

The hacker claims to be trying to sell “a unique one-off copy of each of the three databases which are ranging in price from 151 bitcoin (about $100,000) to 607 bitcoin (about $395,000),” the DeepDotWeb article stated.



