Reports indicate that a hacker has obtained nearly 650,000 healthcare records from three hospitals, containing information such as full names, addresses, social security numbers, dates of birth, and insurance details, and has put them up for sale on the deep web. DeepDotWeb first reported the hack. The hacker allegedly made use of an exploit in the institutions’ Remote Desktop Protocol. The names of the institutions whose healthcare databases were hacked remain unclear, however. DeepDotWeb also noted that the hacker provided them with exclusive images related to the largest database, taken from the institution’s internal network. The hacker made sure that all identifiable information was redacted so that the target company’s name remained anonymous.
The darknet, or dark web, consists of private networks built through connections between trusted peers with the help of unconventional protocols. The deep web, of which the dark web is just one part, is vast and cannot be indexed by standard search engines.
Reportedly, the hacker is selling the hacked data on TheRealDeal, a notorious deep web marketplace frequented by cybercriminals. The hacker is asking for payment in bitcoins, as with other similar transactions that take place on the deep web. The hacker, known as “thedarkoverlord,” operates on TheRealDeal market and is making a one-off offer to sell one copy of each of the three hacked databases, at prices ranging from 151 bitcoins (approximately $100,000) to 607 bitcoins (approximately $395,000).
According to reports, a database consisting of 48,000 patient records belongs to a healthcare institution (later named as Midwest Orthopedic Clinic) located in Farmington, Missouri. It is alleged that the patient records in this database were stored natively in plain text. The hacker reportedly retrieved the information from a Microsoft Access database by making use of some common usernames and passwords. This reveals a lot about the unhealthy security practices employed by institutions in the healthcare industry. A user wanting to buy this database will have to shell out as much as 151 bitcoins.
The database consisting of 210,000 patient records, the second largest of the three, belongs to a healthcare organization located in the Central/Midwest part of the US. It is alleged that the institution stored patient records on a misconfigured network. As with the previous database, the hacker accessed these patient records by making use of plain text usernames and passwords. This further indicates that hospitals, in general, are not serious about their Internet security.
The patient records obtained by the hacker from a healthcare institution located in Georgia can be termed the prize catch. This is the largest of the three hacks, consisting of 400,000 patient records. The price attached to this database is 607 bitcoins. All of the patient records in this database were also reportedly stored in plain text.
Reportedly, the website Motherboard has also received a sample of about 30 records from the Georgia hack. According to Motherboard, calls made to the phone numbers in the hacked database went through to the right address. One person even confirmed the other details, but the physical address was outdated.
As far as cybercriminals are concerned, healthcare is purportedly an attractive target. In February, a hospital in Los Angeles paid as much as $17,000 in bitcoins to hackers operating on the deep web who had disabled the institution’s computer network. Gadi Evron, CEO and co-founder of Cymmetria, a network security company, reportedly said in an email to FoxNews.com that cybercriminals are targeting the healthcare industry more than ever before because of the potential gains from selling hacked data on deep web marketplaces.
Unfortunately, the Internet security measures employed by institutions in the healthcare industry are not at all safe, especially the practices of storing confidential patient information in plain text and relying on common usernames and passwords. Things need to change soon, as these hacks and the sale of the data on the deep web give only an indication of what is in store.