NEWS
NEWS
NEWS
Triple healthcare hack puts patient data for sale on the darknet
Healthcare is a common target for hackers looking to make a profit off of the personal information of others. After all, hospitals and healthcare organizations store large amounts of data, often including sensitive information and insurance records, which cyber criminals can utilize in any number of ways. As such, it comes as little surprise to see around 655,000 healthcare records up for sale on the darknet.
The data seems to be from three different breaches, according to HIPAA Journal. According to the hacker selling the data sets, they come from organizations in Missouri, Georgia, and an unspecified area in the Midwest United States.
One database, stolen from Farminton, Missouri, contains nearly 45,000 patient records, while the one from the Midwest held over 207,000 records. The hacker’s posting claims all that it took to steal those were plaintext usernames and passwords, which were easily accessible, and the latter’s network was “severely misconfigured.”
However, the database stolen from an Atlanta, Georgia-based organization is larger than the two of them put together, with nearly 400,000 patient records, including records from Blue Cross Blue Shield and United Healthcare members.
The data was stolen by exploiting Remote Desktop Protocol (RDP), which tech support companies often use to remotely access computers. Softpedia notes that there was a particular bug in the system, which the hacker managed to utilize for his infiltration. Once the hacker had access to the systems, it was just a matter of searching the network until he found the valuable data.
While the hacker initially contacted the companies and offered to give them the details of the bug for a price (a tactic called “bug poaching”), the companies refused.
Now, the information is all up for sale. Each is being offered separately, but the hacker is stating that only one copy of each will be sold. In total, the price for them all would come to over 1000 Bitcoin, or somewhere around $682,110.
The stolen information includes basic personal information such as names, addresses, and emails, as well as vital information such as Social Security numbers and insurance information, making it a valuable target for anyone looking to commit identity theft. Anyone potentially impacted by this breach has been informed, and should take steps to protect their credit and identity immediately; it won’t take long before the hacker finds a buyer.
Image via Intel Free Press
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
