A hacker has been selling a medical database of 34,000 Patients from Bronx, New York in Bitcoins 20.0000 (13173.80 US Dollar).
Last month we brought you an in-depth report on massive multiple US healthcare insurance databases of 655,000 patients which were being sold on the Dark Net. Now, the same “thedarkoverlord” hacker is selling healthcare database of more 34,000 patients from the Bronx, New York.
In the listings, the hacker revealed the database was retrieved using a 0day within the Remote Desktop Protocol (RDP protocol) that gave direct access to this sensitive information. Specifically, this RDP gave access to a desktop and while gaining access the hacker found a “Passwords.txt” style file that allowed further ”effortless” penetration of their electronic medical systems.
The data contains first name, last name, street address, emails, date of birth, city, state, zip codes, gender, work, home and cell numbers. Further analysis shows total record count is 34,621 with almost all data stolen from Big Apple.
The Dark Overlord also claims that the data is legit and never been leaked or used before and it will be sold only once in Bitcoins 20.0000 (13173.80 US Dollar). Here is a screenshot from the darknet marketplace listing:
We got in touch with Vishal Gupta, CEO of Seclore to comment on recent Healthcare Database breach and fact that they are being openly sold to anyone, according to Mr. Gupta:
“I don’t know what is worse, that hackers are continuing to successfully breach healthcare facilities or that hospitals continue to fall victim to these attacks. While the hacker is selling the information for bitcoins, healthcare records can sell for a fortune, which is why we will continue to see data breaches in the healthcare industry. A change in security standards won’t happen over night, but these organizations must take immediate and extreme precautionary measures. Implementing data-centric security measures ensure that sensitive documents are ‘protected from being accessed’ in order to avoid another costly breach.”
There’s no doubt that the year 2015 was devastating for the healthcare industry where hospitals and medical insurance suffered back to back cyber attacks starting from MIE, the Indiana-based medical software firm exposing 4 Million user data (click here for more details), Excellus BlueCross BlueShield breach exposing 10 million customers (click here for more details), CareFirst Blue Cross and Blue Shield breach impacting 1.1 million customers (click here for more details) and hacking of Hollywood healthcare facility computers where cyber criminals demanded 9000 BTC ransom (click here for more details).
Must Read: Hacker Selling Quarter Million State of Louisiana Drivers’ License Database
It’s a small wonder then that as healthcare organizations race to digitize information and patient processes, they’ve become prime targets for hackers and even malicious insiders. According to a March NPR report, Has Healthcare Hacking Become an Epidemic? the healthcare industry averaged close to four data breaches per week in early 2016.
Note: This article has been updated due to confusion over whether the data was stolen from Big Apple or Big Apple Inc. We will update the article again upon receiving a response from Big Apple.
