Hacker Obtains 655,000 Patient Records

Recently, a hacker obtained medical records for about 655,000 patients and is auctioning them off on secret internet sites called the Dark Web.

According to DeepDotWeb, who was contacted by the hacker under the identity of “thedarkoverlord,” the databases of information are being sold within the range of $100,000 to $395,000.

The hacker states that 1 database includes 48,000 patients from Farmington, Missouri. Another includes information from 210,000 patients from the Central/Midwest, and the largest database includes 397,000 patients from Georgia.

These databases had something in common: the use of plaintext usernames and passwords.

According to the hacker, they had offered to fix their security issues and not leak the information in exchange for a small fee. The information included were full names, addresses, social security numbers, phone numbers, dates of birth, and insurance information, according to an article published by Fox News.

Fox News also reported that Motherboard, an online technology magazine, allegedly obtained some of these records and were able to confirm the accuracy of its information through phone calls to the patients whose records were compromised. It is clear that all healthcare companies with patient records stored electronically need to revisit their security protocols to avoid the situation at hand.