The hacker is asking over $700,000 for all of the data.
A hacker who goes by the name of TheDarkOverlord has put up for sale on the Dark Web three databases stolen from three healthcare institutions in the US.
The hacker is selling the data on The Real Deal marketplace, and he says he breached these companies using an RDP (Remote Desktop Protocol) bug.
TheDarkOverlord has told DeepDotWeb, which first spotted the ads, that it’s “a very particular bug. The conditions have to be very precise for it.”
He also provided a series of screenshots as proof, showing him accessing the hacked systems via a Remote Desktop connection.
The hacker also said that before putting the data on the Dark Web, he contacted the companies and informed them of their problems, offering to disclose the bug for a price, in a tactic known as bug poaching.
Obviously, all three companies declined, so here we are, with their data available on the Dark Web. TheDarkOverlord said that all databases are a one-time sale, meaning only one buyer can get his hands on the stolen data.
The first database is the smallest of the three and contains exactly 47,864 records. Currently, the hacker is asking for 158.68 Bitcoin (~$101,000).
TheDarkOverlord says that all the data is in plaintext and was retrieved from a Microsoft Access database residing in the organization’s internal network.
He claims the following patient details are included in the database: first name, middle name, last name, address, city, state, ZIP, Social Security number, date of birth, gender, email address, various phone numbers, and more.
The second database also contains plaintext data, and the hacker says it was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.
The hacker is asking for 317.38 Bitcoin (~$202,000) for this database, and says the exact number of patient records is 207,572.
He claims the following patient details are included in the database: Social Security number, first name, middle name, last name, gender, date of birth, and address.
The biggest database contains 396,458 patient records, and the hacker is asking for a whopping 634.73 Bitcoin (~$405,000).
He claims the following patient details are included in the database: health insurance details (primary, secondary, policy IDs), patient’s address, date of birth, age, phone number, email address, gender, Social Security number, state, ZIP, race, and more.
TheDarkOverlord says this database was stored in plaintext as well, and he got hold of it from an accessible internal network using readily available plaintext usernames and passwords.
Justin Shafer, a security researcher specializing in the healthcare industry, believes that this latter database belongs to the Athens Orthopedic Clinic.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us, she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains, including finance, healthcare and consumer products.