A hacker called "thedarkoverlord" is offering three large medical databases for sale on TheRealDeal online market for approximately $100,000, $200,000 and $400,000, DeepDotWeb reports.
The hacker told DeepDotWeb that he accessed the databases via "an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it."
The three databases are as follows:
- 48,000 patient records from Farmington, Missouri -- "a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States," according to thedarkoverlord. "It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords."
- 210,000 patient records from the Midwestern U.S. -- "a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords."
- 397,000 patient records from Georgia -- "a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords."
While he isn't currently identifying the companies affected, the hacker did ask DeepDotWeb to pass on this warning to them: "Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer."
"There is a lot more to come," he added.
The hacker separately told Motherboard that he had already sold $100,000 worth of records from the Georgia database, and that the prices he's asking for the database are modest "compared to the damage that will be caused to the organizations when I decide to publicly leak the victims."
"Someone wanted to buy all the Blue Cross Blue Shield insurance records specifically," the hacker claimed.
The dumps, which appear to be genuine, include full names, Social Security numbers, birthdates, mailing addresses and insurance information, Motherboard reports.
"The healthcare industry has been especially targeted as of late, and what we see on the Dark Web is just what is being openly sold," Cymmetria CEO and co-founder Gadi Evron told eSecurity Planet by email. "The healthcare industry is taking the situation very seriously, but there is no doubt that hackers sense the potential gains and are now targeting them more than before."
Security expert Graham Cluley told BBC News that attackers are moving beyond targeting just credit card data, and are now trying to gather as much information about people's lives as they can get. "With that information, the hackers could take out credit, open bank accounts, make bogus insurance claims or simply sell the valuable data on to other criminals to monetize as they wish," he said.
"2016 is proving to be the year of online extortion," Cluley added. "We're likely to see more and more attacks like this."
A recent eSecurity Planet article offered advice on improving database security.