A hacker claims to have access to millions of health records of American patients. The hacker has also advertised the sale of the data on the Dark Web.
The hacker going by the name "thedarkoverlord" listed the sale of the health record on TheRealDeal, a black market on the Dark Web.
The hacker has also sent images of the purported leaked data to DeepDotWeb. If the report is to be believed then the hacker has access to data of millions of Americans, including names, date of birth, address and Social Security number, which are enough to commit identity theft.
DeepDotWeb reports that the hacker has database of several health care organizations in the U.S. and the health records are sold for between 151 bitcoins and 607 bitcoins ($100,000 and $395,000).
One of the databases is from Farmington, Missouri, which contains records of 48,000 patients. The second database originates from Central/Midwest U.S. and it contains records of about 210,000 patients. Another database includes information of 397,000 patients from Georgia. In total, the hacker claims to have access to about 10 million health records.
DeepDotWeb claims to have spoken to the hacker through an encrypted conversation, where the hacker revealed that the health records were leaked with an exploit for Remote Desktop Protocol (RDP), which can give unauthorized access to remote devices.
The authenticity of the health data remains unclear. However, Motherboard has managed to obtain a sample of 30 patient records from the Georgia database. Motherboard validated the data and found that the name, address and other data of individuals from the database were correct.
Reports also suggest that the hacker has already sold more than $100,000 worth of health records from the Georgia database.
Hackers are increasingly targeting the health care industry to steal personal and confidential data. In February a hospital based in Los Angeles paid about $17,000 worth of bitcoin to hackers who disabled the hospital's computer network.
Gadi Evron, the co-founder and CEO of network security company Cymmetria, says that hackers are keen on targeting the health care industry and selling patients data on the Dark Web. Evron suggests that the industry is working hard to tackle the situation, but with the potential gain associated with health care records, hackers are attacking them more than before.
The health care industry will have to deploy strict security measures to their computer systems to avoid any data leak.
The hacker did not reveal any details on the health care organizations from which the data have been compromised.
Photo: Dani Latorre | Flickr