Millions of Health Records Reportedly Appear for Sale on Dark Web

Two days after reporting that 655,000 healthcare records were found for sale on the dark web, the site DeepDotWeb said today that another insurance database with at least 9.3 million patient records is being shopped around by an anonymous hacker.

Over the weekend, a hacker using the name “thedarkoverlord” was offering for sale records taken from databases managed by three healthcare organizations in Missouri, Georgia and the Midwest, according to the site. The hacker, who was seeking payment in Bitcoins with a value ranging from around $100,000 to $395,000, reportedly told DeepDotWeb, “There is a lot more to come.”

That same hacker appeared again today on a dark web market with an offer to sell another database with more than 9.3 million patient records for 750 Bitcoins, valued at around $485,000. The hacker’s market listing claimed the plaintext data belonged to “a large insurance healthcare organization in the United States.”

‘Very Particular’ Zero-Day Exploit

According to DeepDotWeb, the hacker selling the healthcare data claimed the information was accessed through a zero-day vulnerability in the Remote Desktop Protocol (RDP) used to connect devices across a network. A proprietary protocol developed by Microsoft for Windows-based applications, RDP provides users with a graphical interface for connecting to and managing another computer over a network.

Speaking with DeepDotWeb via Jabber over the weekend, thedarkoverlord reportedly said he was able to access the healthcare records due to “an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it.”

As business records have become increasingly digitized and network-connected, the risks of breaches, thefts and data losses have grown. Healthcare data in particular offers the potential for hackers to profit via ransomware or fraudulent claims.

“[W]e have seen how all kinds of illegal goods are traded through black market digital sites, some on the dark net, taking advantage of the anonymization possibilities given by the technology, and many of them on the open net,” Fernando Ruiz, head of operations for the European Cybercrime Centre, said in this year’s “2016 Data Breach Investigations Report” from Verizon. “There is a clear demand for stolen data and, therefore, there will always be criminals ready to supply and satisfy this demand, especially if we take into account the disproportion between the risk-cost-profit, as data can be easily stolen and transmitted.”

‘Bit of a Data Breach Yard Sale’

A check of the recently hacked healthcare databases suggests that some of the information is old, although some still appears to be accurate, a security blogger who goes by the name “Dissent” wrote yesterday on DataBreaches.net. The blogger noted she had also contacted “one well-known insurer” to find out whether any of the hacked data came from its systems, but had not yet received a response.

DeepDotWeb reported today that thedarkoverlord said in an encrypted chat that he had tried to contact the hacked healthcare organization but “they declined to respond.” He added that the price of the records was “a modest cost” compared to the damage a large-scale leak could cause, and indicated more hacked data could be expected to appear up for sale.

These latest hacked database reports — while they have yet to be validated — appear to involve attempts to sell large volumes of old information taken in breaches some time ago, Christopher Budd, the global threat communications manager at the security firm Trend Micro, told us today. He pointed to last month’s attempts to sell on the dark web 117 million user e-mails and passwords taken in a data breach at LinkedIn four years ago.

“It’s a bit of a data breach yard sale going on,” he said. Budd noted that while no healthcare organizations have yet confirmed the loss of data being offered for sale recently, the RDP protocol is “certainly a vector we’ve seen people exploit in the past.” For now, however, the only evidence for such a breach is coming from the hacker, so more evidence is needed, he said.
