Hacker looks to sell 9.3 million alleged patient healthcare records on the dark web

A hacker is attempting to sell 9.3 million alleged patient healthcare records on the dark web, according to security experts, just days after 665,000 records reportedly went on sale.

Security researcher Dissent Doe reports that the database containing records from an unnamed U.S health insurer has been listed on the TheRealDeal, a shadowy dark web marketplace that provides anonymity to buyers and sellers.

A hacker who goes by the name ‘thedarkoverlord’ listed the database for 750 Bitcoin, equal to $486,555. Information contained in the database includes “Firstname, Lastname, Address1, City, State, Zip, Email, HomePhone, CellPhone, DOB, SSN,” according to Dissent Doe.

The authenticity of the data is unclear.

Three sample records were reportedly provided on the TheRealDeal but Dissent Doe said that emails to two of the individuals listed bounced back, which could indicate out-of-date information.


The hacker also provided the researcher with 100 additional records but attempts to validate the information suggest there might be a lot of old data in the database. “One person, reached by phone, confirmed the accuracy of her date of birth and Social Security number, but reported that the address was one where she had lived years ago,” wrote Dissent Doe. “When asked what insurance she had at the time, she indicated that she was on Medicare and Medicaid.”

“So the data look real, but some of it may be old,” added the researcher. “That’s not necessarily surprising, as many companies seem to be allergic to purging old data.”

The hacker said that the data was retrieved using a zero-day attack within the Remote Desktop Protocol (RDP) that gives remote access to devices.

The dark web, or darknet, refers to private networks built from connections between trusted peers using unconventional protocols. Dark Web is just one part of what is known as deep web – a vast network which is not indexed by search engines such as Google and Bing.

Cybersecurity specialist Cymmetria told FoxNews that it came across the healthcare records while analyzing threats. “The total is staggering, totaling over 9 million records leaked and now for sale on the dark web,” said Cymmetria CTO Dean Sysman, in a statement emailed to FoxNews.com. “This new slate of breached records shows that the hacker has been able to breach across organizations and especially within them using lateral movement across those providers.”

On Saturday Deep Dot Web reported that an individual also using the moniker ‘thedarkoverlord’ listed 655,000 alleged patient healthcare records on TheRealDeal, containing information such as social security numbers, addresses, and insurance details.

The databases are said to be from three different healthcare organizations and are being sold for between around $100,000 and $395,000, Deep Dot Web reports. One database originated in Farmington, Missouri, and contains 48,000 patient records, according to the report, while another is from the Central/Midwest U.S contains 210,000 patient records. A third database from Georgia, U.S., has records on 397,000 patients.

The authenticity of the 655,000 alleged healthcare records is still unclear.

Healthcare is an increasingly attractive target for cybercriminals. In February a Los Angeles hospital paid nearly $17,000 in Bitcoin to hackers who disabled its computer network.

The FBI has not yet responded to a request for comment on this story from FoxNews.com.

Follow James Rogers on Twitter @jamesjrogers