The Dark Overlord is lording it over the US healthcare industry once again. The hacker is offering a fresh trove of 9.2 million patient records on a Dark Web marketplace, for 750 Bitcoin (about $477,000).
The Dark Overlord (let’s shorten that to TDO, shall we?) is advertising the plaintext 2GB database as including names, addresses, emails, phone numbers, dates of birth and Social Security Numbers (SSNs) belonging to 9,278,352 Americans. He or she claims that the data was lifted using a zero-day exploit for remote desktop protocol (RDP).
In TDO’s listing on The Real Deal site, the hacker said: "This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States. Ownership of this database will be exclusive and only a single copy will be sold.”
TDO added, "This has not been leaked anywhere and it has not yet been abused. If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM [private message]. Only serious offers will be entertained."
It should be noted that IBTimes UK, which broke the news, said it has not verified the authenticity of the database.
Just a few days ago TDO listed a different healthcare database containing 655,000 records, claiming to have sold some of the data for $100,000. When all is said and done, this breach could net TDO upwards of a half a million dollars—a stark reminder of just how valuable this type of information is. It can be used for fraud, identity theft, phishing, account compromises and more.
In contrast, a Russian hacker going by the handle Tessa88 was recently selling a cache of 32 million Twitter records with account credentials for 10 Bitcoin on the Dark Web. That’s the equivalent of around $5,820, which works out to less than a cent per record.
So, given the laws of supply and demand, it’s likely that the healthcare industry will continue to be every hacker’s favorite cash cow, for the time being. But the nature of the information at stake also makes these organizations ripe for ransom attempts.
“Hospital IT systems are notoriously fragmented and complex, with networks crossing wards, laboratories and offices,” said Brian Spector, CEO of MIRACL, in an email. “They are also among the most vital and important in any organization—because if their systems go down, people’s lives may be at risk. This makes healthcare organisations the perfect victims [for a ransom play].”
The breaches supposedly come from various healthcare organizations scattered around the United States. TDO said that he has threatened each with a ransom demand, and is therefore not naming names—for now.
“The healthcare industry today is squarely at the intersection of security and risk,” said Joe Fantuzzi, CEO of RiskVision, via email. “Ransomware hackers are targeting the lucrative healthcare data opportunity primarily because of the scale of endpoint vulnerabilities that need to be monitored. But endpoint monitoring (security) without risk assessments is not enough, and creates opportunities for the bad guys. Best practices for healthcare companies today are to risk assess endpoint categories by things like asset criticality and business risk impact. Then companies can ‘find the needle in the stack of needles’ to marginalize these kinds of attacks and ensure compliance with things like HIPAA and HITECH.”