
New Breach: 655000 Healthcare Records (Patients) Being Sold

June 28, 2016 update: Same hacker, New Breach: Healthcare Insurer Database Of 9.3M Records is Up for sale!

When Paul Syverson, co-creator of the Tor web browser, said that Your Medical Records Have Bullseyes On Them, he probably meant this. According to what the hacker told us over an encrypted Jabber conversation, he used “an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it“.

The hacker provided DeepDotWeb with exclusive images of the largest database hack, taken from the victim's internal network, and made sure to redact all identifiable information “so the target company can remain anonymous for now”:

[Four redacted screenshots supplied by the hacker]

The hacker, called thedarkoverlord (trdealmgn4uvm42g.onion/profile/32184), operating on the TheRealDeal market, is offering to sell a unique one-off copy of each of the three databases, priced from 151 BTC (~$100,000) to 607 BTC (~$395,000):

  1. Healthcare Database (48,000 Patients) from Farmington, Missouri, United States (June 29th update: this was later named as Midwest Orthopedic Clinic) – “a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”
  2. Healthcare Database (210,000 Patients) from Central/Midwest United States – “a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”
  3. Healthcare Database (397,000 Patients) from Georgia, United States – “a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”

The hacker himself asked us to add a note addressed to the breached companies:

Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.

We will be following and updating.

35 comments

  1. thedarkoverlord is best for medical data, fuck usa

  2. Does anyone know what happened with the Virginia hospital hack of several years ago? The hacker(s) left a taunting message that made the news. Does anyone know if the thief(s) was ever caught?? Was the case ever resolved? Was ransom paid? Would very much like to know. Thanks.

    http://www.dailymail.co.uk/news/article-1178276/Hackers-demand–10m-ransom-hijacking-millions-medical-records.html

    • I followed up for a year. The hacker had not been caught by then. AFAIK, there was no ransom paid, but do we really trust them to tell us the truth about that?

  3. My vote goes to Athens Orthopedic Clinic. They seem to use SRS EHR, and they have a Dean Crowell which could be the username dcrowell.

  4. thedarkoverlord

    Hacker here. Anyone have questions?

    • (PGP-signed message, Hash: SHA1) Can confirm that this is indeed the hacker

    • Yeah! How did you exploit the server? Word List on the RDP? MetaSploit? Or did you find a remote desktop connection file somewhere???

      Could you like… “not” sell this? I mean, can’t you target people who deserve it? Or screw over who actually buys it???

      Think about it. I know people have security problems, and this brings this to light, but PLEASE don’t actually go through with selling the actual data. You could do some real good, man.

      • thedarkoverlord

        I can refrain from publishing or retailing this database. Would you like to pay me to stop me from doing this?

        • Not.. not really.. no… I think you made your point. Plus, I just dropped my phone.. and have to buy another one. I am pissed.

          Come on man! Buy yourself a beer, no need to hurt.. hurt people.

          • Especially when the people that stand to be hurt are the patients. Why target them? IMO, doing that to the people that went to the hospital makes you total scum. Just because the hospital won’t pay you, you throw a temper tantrum and punish people that needed medical attention. Asshat.

        • I’m curious about his original question. In this post it says you used “an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it “; other reports mention using a 0day within RDP. Do they mean the same thing? Or is the 0day reliant on how companies use RDP?

    • What good are these records? Why would they be worth so much?

      • For identity theft, medical identity theft, and extortion (if people don’t want sensitive medical or mental health conditions revealed publicly or to their employers).

      • thedarkoverlord

        You sound like a small minded person who cannot understand the bigger picture.

        • Please enlighten me further. Besides identity theft (which, while this has everything laid out and ready to harvest) and blackmail, how else would these be monetized? I mean, give me a broad-stroke walkthrough (no specifics necessary) of how one would generate a significant return after investing $100K – $400K in the data?

          What is so unique (or valuable) about specifically medical data?

          Identities are stolen all the time without the need for access to medical DBs so–outside of the volume–that itself isn’t unique. And if volume is the important factor, essentially then your ideal customer is someone who will resell these records in piecemeal?

          I just have a hard time believing that someone with $400K in liquid assets is going to find it worthwhile to resell data. So there has to be a more effective and lucrative way that this will be monetized–assuming it is priced in line with the market.

          Could it be something like a buyer partnering up with a doctor (or doctors) to use this information to impersonate patients and bill the insurance company for medical treatment that never occurred? I could see something like that possibly generating a significant return much more quickly than reselling the information.

          Thoughts?

          *Note: I am just generally curious. Mostly because it would be quite a sizable and risky investment for someone with $400K liquid to find appealing. I am not trying to “learn” how to get into this, nor am I here to engage in a debate about ethics, nor am I law enforcement.

          **Note: Did you actually warn these people about their vulnerable systems, offer to fix it and when they declined you went to Plan B (sell the data)?

    • acuriousperson

      I think you did think creatively. I find the locations interesting to say the least. In addition the original company the fish and what they do. You must play chess and your endgame?

    • Yo my information is in this particular hack. Could you be a dear and take it out. Thanks

  5. HeLL forum: legionhiden4dqh4.onion

  6. This is awesome good job [email protected]@!

  7. HeLL forum was hacked.

    Russian guy sell the SMF script – FULL SQL DB – FULL DB’s/DUMPS repo – legionhiden4dqh4.onion hidden-service private key
    – Price: 1 btc – contact jabber: [email protected]

  8. Sounds like the Barnes-Jewish health company or Saint Anthony’s in the central Midwest

  9. USA seems to be a fucked up country to live in, your life can get destroyed with 1 fucking number!

  10. Dear Mr overlord,

    First off I am your biggest fan!

    You are the fucking man! Show these dumbasses that network security at a fucking hospital is no joke. My brother went to MIT for 8 long years and straight out of school applied for a job at a huge hospital (500+ beds) on the very upper East Coast, USA. He was the IT department (he had 6 or 7), and he said a restarted 8 year old could hack this place! To prove his point he used a loophole: he ordered 1000 80MG oxys from the pharmacy but changed the office to him; 24 hrs later the drugs were there. Him and I saved some for fun and sold the rest! No one ever asked him about it! He has worked there for the past 8 years and said the loophole is still there!

  11. Apologies. I need to understand things from a hacker’s point of view. Please spare 5 minutes and I will repay in whatever form you wish for me to. Sorry to be such a newbie!

    Would be grateful

    +447944741843

  12. I cannot believe how unethical people can be. To me this is the equivalent of walking into a store where there are no security cameras with nobody minding the store, taking what you want and walking out. Just because you can do something DOESN’T MEAN YOU SHOULD. What is wrong with people??

  13. Another 9.3 million records in addition to these 655,000 are out there? Can you confirm? Any links to the updated numbers?

  14. If the companies wanted to pay up, what assurances do they have that the data would not be released anyway? If the hacker wants to get paid, I assume he’s going to have to provide some level of trust or no one would ever pay him. But providing that trust seems tough to do after taking all those patient records. Someone must have figured out how to do this, so I’m just wondering how that part works.

  15. Bravo. There is so much more to be learned here... first off, they WERE WARNED about impending leaks and were prompted to pay so all could be mum... but alas, egos took over and it was a decision made by a human not to pay. Stop all the crying over spilled milk. Great job darklord, I admire you from afar. You fairly gave a chance and you have held to your word, exemplifying that true hackers are and can be trusted; it’s the ones we blindly trust that can’t be at all. Tip of the hat, darklord.
