More than 600,000 Medical Records for Sale on the Deep Web

From Deep Dot Web:

An individual(s) who is offering more than six hundred thousand clinical records and related documentation on the deep web, says that he acquired those files after discovering a weakness in protocols – how  businesses perform or execute remote desktop functionality.

The hacker, also known as The Dark Over Lord, says that various reputable healthcare institutions were infiltrated, and that they got away with a list containing information on hundreds of thousands of patients from each of these organizations.

According to the hacker, there is a list of more than forty thousand patients discovered in the plain text; obtained via Microsoft Access database, they had simple usernames and passwords. The remaining lists contained more details than the previous ones; information of more than six hundred thousand patients, they were found in an institution based in central United States. The other organization is based in the southeastern part of the United States. However, both remaining lists were found in plain text, while a wrong configuration of the networks allowed the access.

Image Source: The Deep Dot Web – A screenshot of a website selling a database of more than 48,000 patients.

Furthermore, after exploiting the database and informing the companies that their systems were vulnerable, the hacker asked if they would pay him for finding the vulnerabilities, which they refused. As a result, the individual is offering the data for a large cost; the listings vary in cost, starting from 151 BTC, roughly $100,421.04 (as of 21st July), to 607 BTC, roughly $403,679.28 (as of 21st July) Prices may vary depending upon the exchange rates.

The details are for purchase at The Real Deal website – the same origins where login credentials for MySpace and Vkontakte were sold. The Dark Over Lord says that they have been offered some hefty prices, selling the data worth more …

Continue Reading