A Baltimore-based healthcare provider whose records were stolen now finds them for sale on the Dark Web for less than one cent per record. The Baltimore substance abuse treatment facility had its database hacked in August 2016.
The DataBreaches blog, which first uncovered this hack, mentions a hacker named “Return”, who might be Russian, and describes how the data at Man Alive Clinic was compromised through social engineering applied to one of the employees. A Word file with malicious code was downloaded.
The sample data provided by ‘Return’ contains 727 pages of unredacted patient profiles and information about 633 patients. These fields were commonly found for all patients:
- first and last name
- date of birth
- full Social Security Number
- postal and email addresses
- home and cell phone numbers
- a physical description of the patient (height, weight, eye and hair color)
- race
- driver’s license number and state
- marital status
- employment status
- emergency contact person; and
- whether their status at the facility is active or inactive
In addition, it had information about their ongoing treatment: whether they are on methadone, the names of their doctor and counselor, dosing information, and payment option.
He also claimed to have acquired 43,000 patient records from the mental health treatment part of the clinic but didn’t provide any evidence of their existence.
Flashpoint’s Director said that healthcare records have been the key economic driver on the Dark Web for many years, since they are a rich source of permanent personal information for types of fraud such as insurance, tax and even identity fraud.
On August 24, 2016, “Return” posted the following on crdclub.su:
SSN+DOB database, MD, 43k
I’m selling a “full info” database, Maryland state. In PDF format. 43k records from medical clinic.
A sample: <“PatientProfile.pdf” – see attachments for screenshots of sample records>
Price: $300
Payment: BTC only
A chat with Return indicated that he had given Man Alive the opportunity to protect the patient information from sale by paying him 15 BTC. He adds, “This is very confidential information, so why not earn money, I think they spend more money on the court if customers learn about the disclosure of sensitive data;)”
Man Alive’s response remains neutral, and there has been no payment to the hacker. Protecting personal information on the web is one of the hardest things nowadays, so stay anonymous using a secure VPN channel.