Healthcare hack
The hacker claims the information is in plaintext format from a clinic in New York iStock

A hacker attempting to sell multiple healthcare databases consisting of stolen information on US hospital patients has uploaded a fresh cache of data of 34,621 citizens to the dark web.

Listed on an underground website called The Real Deal – which allows vendors to sell everything from stolen government data to exploit kits – the latest upload reportedly contains names, home addresses, birthdates, phone numbers, emails and Social Security Numbers (SSNs).

The hacker in question, self-proclaimed 'thedarkoverlord' describes the database as "considerably large" and claims the information within is plaintext format from a clinic in New York. Like previous breaches, the seller claimed the records were stolen with the use of a previously unknown security vulnerability.

"It was retrieved using a 0-day within the RDP protocol that gave direct access to this sensitive information," the hacker said. "Specifically, this RDP gave access to a desktop that contained a 'Passwords.txt' style file that allowed further effortless penetration of their electronic medical systems."

While 'thedarkoverlord' provided a number of sample records, IBTimes UK has contacted the seller for additional information. At the time of writing, the data has not been independently verified by this publication.

NY Leak
Pictured: Listing on The Real Deal marketplace Screenshot/The Real Deal

The hacker – who currently has no 'positive feedback' on the dark web-hosted marketplace – said that ownership of the database will be exclusive to the buyer and will only be sold once. The description adds: "Almost all of the patients are still alive."

"This has not been leaked anywhere and it has not yet been abused," he or she added. "If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM [private message]. Only serious offers will be entertained."

This is the fourth database to have been breached and uploaded, if the claims of the hacker are legitimate. Others include healthcare organisations in Farmington, Missouri (48,000 records), central/Midwest US (210,000 records) and Atlanta, Georgia (397,000 records). Additionally, one huge 2GB database was uploaded that purported to includea massive 9.2 million records.

Each of the databases have been given different prices – all in the cryptocurrency bitcoin – with the latest leak costing 30Btc, equivalent to roughly £14,500 at the time of writing.