Hacker Advertises Slew of Alleged Healthcare Organization Records

"Thedarkoverlord" claims to have already sold $100,000 worth.

Joseph Cox

Joseph Cox

Image: nito/Shutterstock

A hacker is advertising hundreds of thousands of alleged records from healthcare organizations on a dark web marketplace, including social security and insurance policy numbers.

The data could be used for anything from getting lines of credit to opening bank accounts to carrying out loan fraud and much more, the hacker selling the data, who goes by the handle "thedarkoverlord," told Motherboard.

News site Deep Dot Web first reported the news on Saturday. The breaches supposedly come from three different healthcare organizations: one in Farmington, Missouri with 48,000 records; another in Atlanta, Georgia with 397,000 entries, and the third in the Central/Midwest US with 210,000 records. Thedarkoverlord has decided to not name the organizations, as he has threatened each with a ransom demand.

"A modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims," thedarkoverlord said, although he claims to have already sold $100,000 worth of records from the Georgia dump. (The hacker declined to provide his or her gender, so for ease of reading Motherboard will just refer to the hacker as "him.")

"Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically," he said.

Motherboard was provided with a sample of just under 30 patient records from the alleged Georgia dump. The vast majority of phone numbers went through to the correct person or family home, and one individual confirmed the rest of their details, although the physical address was out of date. Most of those persons contacted from the sample declined to be interviewed.

Included within the dumps are alleged social security numbers, full names, physical addresses, dates of birth, and insurance information, such as policy identification numbers.

The hacker claims he obtained each database in roughly the same way each time via an unknown vulnerability in remote desktop protocol, which allows (usually) authorised parties to control computers for things such as tech support. From here, thedarkoverlord claims he moved throughout the network "until I got to the juicy machines running their electronic health systems."

Thedarkoverlord is selling the Georgia dump for just over 643 bitcoins, or around $411,000. The hacker expects people to pay this price, he said. The others are being sold for around $100,000 and $205,000 each, and all are listed on the Real Deal marketplace, which has become a particularly popular hub for stolen data.