Hacker Claims to be Selling 655,000 Patient Records from Three Hacked Hospitals, Media Reports Say | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Hacker Claims to be Selling 655,000 Patient Records from Three Hacked Hospitals, Media Reports Say

June 28, 2016
by Heather Landi
| Reprints
Click To View Gallery

A hacker claims to have 655,000 patient records allegedly obtained by hacking into three separate healthcare databases and is selling those patient records on the dark web marketplace, according to a report originally published by news site DeepDotWeb.

According to the DeepDotWeb article, posted Saturday, the hacker communicated with the site’s writers via an encrypted conversation. While it has not been verified whether any healthcare organizations have actually been hacked, the hacker provided the media site with images of the database hack from their internal network. The screenshot photos show healthcare databases that expose sensitive patient information, including full names, addresses, date of birth, social security numbers and other information, although the information in the screenshot photos has been blurred.

The hacker claims to have three separate healthcare databases from healthcare organizations in Farmington, Missouri, an undisclosed location in Central/Midwest U.S. and one in Georgia, and is allegedly selling the databases on a dark web marketplace.

The DeepDotWeb article quotes the hacker as providing this information about the databases:

“A considerably large database (48,000 patient records) in plaintext from a healthcare organization in Farmington, Missouri. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”

“A very large database (210,000 patients) in plaintext from a healthcare organization in the Central/Midwest U.S. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”

“A very large database (397,000 patients), in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”

Motherboard published an article on Sunday stating that the hacker goes by the handle “thedarkoverlord,” and it appears the hacker wants a ransom demand from the healthcare organizations.

Motherboard writer Joseph Cox wrote, “Thedarkoverlord has decided to not name the organizations, as he has threatened each with a ransom demand.”

In the article, Cox quotes the hacker as stating, “A modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims,” and then notes that the hacker “claims to have already sold $100,000 worth of records from the Georgia dump.”

“Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically,” he said,” the Motherboard article stated.

And, Cox wrote that Motherboard was provided with a sample of just under 30 patient records from the alleged Georgia database hack.

According to the DeepDotWeb article, the hacker allegedly used “an exploit in how companies use RDP” (remote desktop protocol). The article quotes the hacker as stating, "It is a very particular bug. The conditions have to be very precise for it."

In the Motherboard article, Cox wrote, “The hacker claims he obtained each database in roughly the same way each time via an unknown vulnerability in remote desktop protocol, which allows (usually) authorised parties to control computers for things such as tech support. From here, thedarkoverlord claims he moved throughout the network “until I got to the juicy machines running their electronic health systems.”

Bob Ertl, a senior director at Accellion, a cloud solutions vendor, says this latest breach incident highlights “just how critical the cybersecurity problem has become for the healthcare industry.”

“Unfortunately, the reality is that as long as medical information can sell on the black market for ten times or more than the value of a credit card number, the healthcare industry is going to have a target on its back,” Ertl says.

“Healthcare organizations just have to do a better job at securing protected health information (PHI),” he says.

Vishal Gupta, CEO of Seclore, says news of the hack “is a poignant reminder of just how valuable healthcare information is on the black market.”

“According to the hacker, some of the healthcare records have already sold for $100,000. To put that in perspective, the individual behind the LinkedIn breach tried to sell 117 million compromised passwords for only $2,200. When all is said and done, this breach could net upwards of a half a million dollars, which is why healthcare organizations are so heavily targeted by cybercriminals.”

He added, “Until companies are able to reduce the value of their sensitive information by applying persistent data-centric security solutions, the healthcare industry will continue to be every hacker’s favorite cash cow.”

The hacker claims to be trying to sell “a unique one-off copy of each of the three databases which are ranging in price from 151 bitcoin (about $100,000) to 607 bitcoin (about $395,000), the DeepDotWeb article stated.




Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.