Extortion refusal sees 655,000 patient records put on dark web

28 Jun 2016

After failing to have their demands met, a hacker in the US has put 655,000 patient records, which include medical and insurance information, up for sale on the dark web.

Unbeknownst to the 655,000 victims of this considerable data breach, the first batch of records appeared on the dark web – the seedy underbelly of the internet – on Sunday (26 June) after a person going under the username ‘TheDarkOverlord’ placed three separate databases up for sale.

According to the Daily Dot, the three databases cover three different areas of the US, it discovered following online conversations with the person – or persons – who operate the TheDarkOverlord account on the marketplace, TheRealDeal.

Demanding total of $700,000

The first and smallest of the databases originated from the town of Farmington in Missouri where 48,000 records were obtained, including the patients’ entire personal details and social security numbers, priced at $100,000.

The second database of 210,000 records appears to be more vague, originating from the central or mid-west US priced at $200,000, and seems to just include personal details of the patients.

Finally, the third patient database contains 397,000 patient records and, at $400,000, contains the largest and most detailed database of patient records from Atlanta in the state of Georgia, including details on primary and secondary health insurance.

‘Like stealing candy from a baby’

In online conversations with TheDarkOverlord, the hacker(s) said that the software used in the final entry to protect these records was found to be very vulnerable – SRS EHR v9 to be exact – which they described as being “like stealing candy from a baby”.

Despite their attempts to profit to the tune of $700,000 for their malicious activity, they actually advised anyone using this particular software to “cease activity of it immediately”, before going on to say: “I have already plundered as many as I could find since I discovered the vulnerability.”

As it turns out, the databases have been released following an attempt by TheDarkOverlord to extort money from the victims of these data breaches, all of whom refused to give in to their demands.

While they obviously take the opinion that it’s better for victims to give in to their demands, there are further worries for healthcare operations in the US as the hacker(s) warned that “there is a lot more to come”, saying they have gained access to databases since the beginning of the year.

Patient records image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic