A hacker going by the pseudonym "thedarkoverlord" is reportedly selling over 650,000 personal US healthcare records on a dark web marketplace The Real Deal. The data dump also includes personal information such as full names, social security number, addresses, date of birth and insurance information. The hacker is asking for a total amount of over $700,000 (£522,607) in untraceable bitcoins for the data dump.
The hacker told Motherboard that the data on sale could also be used for a variety of criminal and fraudulent activities by malicious entities, such as opening new bank accounts, acquiring credit lines, conducting loan fraud and more. The hacker allegedly acquired the data from three different US healthcare organisations – one in Farmington, Missouri with 48,000 records, another somewhere in central/midwest US with 210,000 records and a third in Atlanta, Georgia with 397,000 records.
The hacker's adverts for the healthcare records were first spotted by Deep Dot Web, which outlined that the hacker allegedly informed the healthcare firms about the breach and offered to disclose information on how the data was accessed for a price, Softpedia reported. The hacker also claims to have already sold $100,000 worth of records from the Georgia healthcare organisation's data dump. "Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically," the hacker claimed.
The hacker also claimed that he was able to acquire the data by exploiting an unknown bug in the Remote Desktop Protocol (RDP), which is generally used by tech support staff to control computers, after having been authorised by the owners of the system.
The hacker has assigned different prices for the data dump from each of the healthcare organisations, with the Georgia dump priced at over $400,000, the Missouri dump at over $100,000 and the remaining data at over $200,000. The data is on sale at The Real Deal, which is a popular dark web marketplace, known to be one of the most prolific cybercrime hubs.