A hacker is supposedly trying to sell majority a million patient records
A hacker is supposedly trying to sell majority a million patient records, obtained from making use of RDP, on a dark web market.
A hacker going by thedarkoverlord is reportedly selling 655,000 patient records on a dark web marketplace; he asserts to have 3 separate healthcare databases that include patient’s complete names, Social Security numbers, dates of birth, addresses and more data that might be utilized for identity theft and scams.
The hacker asserts to have actually made use of Remote Desktop Protocol (RDP) at three health care companies in order to steal the databases. Thedarkoverlord informed DeepDotWeb that it is a very specific bug. The conditions have to be extremely precise for it.
He also provided screenshots handled June 13 as evidence of the intrusions, showing the level of delicate patient details in the records. The databases contain Social Security numbers, patient’s full names, race and genders, addresses, dates of birth, telephone number, insurance coverage info and email addresses. That’s ample info for a punk to impersonate a victim to establish a line of credit or to get a loan.
The databases being promoted on TheRealDeal marketplace presumably consist of 48,000 patient records from a healthcare company in Farmington, Missouri, another 210,000 records from Central/Midwest US, and 397,000 health care records from Georgia.
Although thedarkoverlord is offering to sell a distinct one-off copy of each of the 3 databases, the hacker saw Motherboard that he has already sold $100,000 worth of records from the Georgia organization. Someone wanted to purchase all heaven Cross Blue Shield Insurance records specifically.
The asking cost for the full health care database with almost 400,000 records from Georgia is 607.84 bitcoins, which at the time of writing is currently about $389,390. The hacker explained it as a huge database in plaintext from a healthcare company in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.
He wants 303.92 bitcoins, about $195,147, for 210,000 patient records from a huge database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a badly misconfigured network using readily available plaintext usernames and passwords.
As for the 48,000 records being sold for 151.96 bitcoins, about $97,574, he claims the plaintext database came from a healthcare company in Farmington, Missouri. It was obtained from a Microsoft Access database within their internal network using readily offered plaintext usernames and passwords.
If thedarkoverlord sells all three health care databases simply when, then he would make about $682,110. If he likewise made $100,000 for the Blue Cross Blue Shield information, and just does that when, then he stands to make more than three-quarters of a million dollars for his criminal activities.
Hacker wants hush money, provided ransom need to each organization.
The hacker is not revealing the names of the breached companies yet, since he is trying to obtain a ransom from them. He saw Motherboard the ransom demand is a modest quantity compared to the damage that will be caused to the organizations when I decide to publicly leak the victims.
Thedarkoverlord asked DeepDotWeb to consist of the following note for the breached companies.