Hacker puts up 10 mn patient records for sale
29 Jun 2016
A hacker claims to have around 10 million stolen patient records, which he has offered for sale for about $820,000.
The hacker, going by the handle thedarkoverlord, started posting the records for sale on TheRealDeal, a black market on the deep web that can be visited through a Tor browser.
The data includes names, addresses, dates of birth, and Social Security numbers, which could all be used to commit identity theft or access the patient's bank accounts.
The sale of the records would happen in four separate batches and the biggest included 9.3 million patient records stolen from a US health insurance provider. It went up for sale yesterday.
According to the hacker's posting on the black market site, he used a little-known vulnerability within the Remote Desktop Protocol to break into the insurance provider's systems.
The rest of the batches cover 655,000 patient records from healthcare groups in Atlanta, Georgia; Farmington, Missouri; and another city in the Midwestern US. The hacker did not give the names of the affected groups.
In his sales postings, the hacker said he used "readily available plain text" usernames and passwords to access the networks where the data was stored and steal the records.
He said the data was stolen by exploiting a zero-day flaw in the Remote Desktop Protocol (RDP), which could allow a user to remotely view another user's desktop.
According to commentators, this was not at all surprising, given that earlier this year a hacker exposed thousands of insecure desktops that could be configured remotely by anyone, thanks to poorly configured remote desktop software.
It was not clear where the data came from, but healthcare providers and hospitals had come under increasing attack for customer and patient data in recent months. Hackers stole 80 million records from health insurance company Anthem last year.