Hackers are selling US healthcare databases on the darknet with confidential and personal data in plaintext!
Cyberinfrastructure in the United States has been vulnerable for a long time now, and it looks like the authorities learned nothing from previous large-scale cyberattacks on the healthcare industry: researchers have discovered databases containing a massive trove of patient and officials' data available for sale on the darknet.
There is no doubt that 2015 was a devastating year for the healthcare industry, with hospitals and medical insurers suffering back-to-back cyberattacks: MIE, the Indiana-based medical software firm, exposed the data of 4 million users; the Excellus BlueCross BlueShield breach exposed 10 million customers; the CareFirst Blue Cross and Blue Shield breach impacted 1.1 million customers; and the hacking of a Hollywood healthcare facility's computers ended with cyber criminals demanding a 9000 BTC ransom.
However, the data we are about to discuss is bigger than all of the aforementioned breaches combined. The sale was identified by the data mining company Hacked-DB, which noted that the data is highly confidential and could have devastating consequences in the long run. The company also found that the data was retrieved using a 0day in the RDP protocol that gave direct access to this sensitive information.
The hacker selling this data goes by the handle The Dark Overlord and is currently offering a database from a healthcare organization in Farmington, Missouri, containing the personal details of 47,864 patients. The seller states that the data was retrieved from a Microsoft Access database on the organization's internal network using readily available plaintext usernames and passwords. The records contain first and last names, addresses, cities, states, ZIP codes, Social Security numbers (SSNs), gender, email addresses, phone numbers (home and work), cell phone numbers and dates of birth ranging from 1890-1934 (5,650 users), 1935-1989 (38,136 users), 1990-1997 (2,783 users) and 1998-2015 (1,295 users).
The Dark Overlord also claims that the data is legitimate, has never been leaked or used before, and will be sold only once, for BTC 60 (39,782.40 US dollars). Here is a screenshot from the darknet marketplace listing:
Second in the listings is another US-based healthcare firm from the Central/Midwest United States whose database was compromised and is now available for sale for BTC 170.0000 (112,200.00 US dollars). The database contains the personal information of 207,572 patients, including full names, gender, Social Security numbers (SSNs) and dates of birth ranging from 1890-1934 (39,412 users), 1935-1989 (135,387 users), 1990-1997 (18,396 users) and 1998-2015 (14,377 users).
According to the data description from the seller himself, the record is a very large plaintext database from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.
Here is a screenshot of the listing from the darknet marketplace:
At the beginning of this article, we mentioned a data breach on the Blue Cross Blue Shield Association's servers affecting 10 million customers; the third database for sale belongs to the same association, but the seller claims the data offered in the darknet marketplace has never been leaked or used before. So is this the same data acquired in the association breach back in May 2015? Could be, could be not; as of now it doesn't matter. The Blue Cross Blue Shield Association is a federation of 36 separate United States health insurance organizations and companies, providing health insurance to more than 106 million Americans, and their data is ready to go public.
The Dark Overlord is offering the data of 396,458 patients from Atlanta, Georgia, United States, acquired from the Blue Cross Blue Shield Association, and as expected the asking price for this database is BTC 300.0000 (197,940.00 US dollars). According to the data description, this product is a very large plaintext database from a healthcare organization in the state of Georgia, retrieved from an accessible internal network using readily available plaintext usernames and passwords.
The records include full names, details about the type of health insurance, full addresses, age, dates of birth, cell phone numbers, home and work numbers, cities, email addresses, fax numbers, Social Security numbers, states, shares IDs, job titles, ZIP codes and a huge amount of further data that is almost impossible for us to go through. The plaintext database file is over 200MB in size.
It must be noted that the US government is taking down cyber criminals involved in such activities. As Mr. Scott Gordon, COO at FinalCode, Inc., mentions in his blog post, last week the Department of Justice announced the takedown of 300 criminals responsible for $900 million in fraudulent healthcare billings, the largest in history. One of the charges leveled against the defendants is aggravated identity theft, which points to the root cause of the problem: healthcare identity information stolen in data breaches or through insider fraud.
On the cyber black market, a single stolen healthcare record is worth $50, more than 10 times the value of a Social Security Number ($0.43), making the healthcare system a far more lucrative target for fraud.
It is small wonder, then, that as healthcare organizations race to digitize information and patient processes, they have become prime targets for hackers and even malicious insiders. According to a March NPR report, "Has Healthcare Hacking Become an Epidemic?", the healthcare industry averaged close to four data breaches per week in early 2016.