Home » Featured » New Breach: Healthcare Insurer Database Of 9.3M Records Being Sold
Click Here To Hide Tor

New Breach: Healthcare Insurer Database Of 9.3M Records Being Sold

Only 2 days ago we reported about 655000 Healthcare Records (Patients) Being Sold,by an anonymous hacker on TheRealDeal market, at that time the hacker called thedarkoverlord (trdealmgn4uvm42g.onion/profile/32184) promised that we should expect more – and soon after, he delivered in the form of a new sale of hacked Healthcare Insurance Database containing no less than 9,300,000 patients records from United States:

hackerrecords

The hacker stated on the sale page:

This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States. It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information.

The info contained in the database includes: Firstname,Lastname,Address1,City,State,Zip,Email,HomePhone,CellPhone,DOB,SSN

The database is being sold for 750BTC – the which is around 485,000$ at this time.

Dissent Doe, a security researcher reported on her blog that she managed to verify that the data was real by calling on of the persons from the DB, using some sample listings provided to her by thedarkoverlord, and concluded:

So the data look real, but some of it may be old. That’s not necessarily surprising, as many companies seem to be allergic to purging old data.

The hacker added in an encrypted chat with DeepDotWeb:

This hacked was done using Same RDP 0day from the previous released DB’s

He also said that the info is recent although some portions of it are indeed old.  When asked if he tried contacting the company he replied:

Contact was attempted with the victim organization. However, they declined to respond. The attempt was made with each of their board of director members

And also added:

Why not just pay? Money makes it all go away and it is a modest cost compared to the total financial damage you will suffer if you do not pay to keep it from getting leaked.

When asked if we should expect more leaks of personal info from the healthcare system, he replied:

We are just getting started!

We will keep following and updating, and can’t help wondering if those breached companies are being held accountable in anyway for not putting enough of their huge profits into protecting their most precious and private data.

7 comments

  1. What a twat he is.

  2. basically he did a great job and they wont pay for security.
    Basically genius. Or idiot?

  3. Any idea which org was hacked?

  4. Is it really a surprise that the insurance company didn’t pay the fee ? Insurance companies have a single objective – make money. Do u think they have a moral compass or give a fuck ?

  5. I wonder if this was Anthem in California. I had Anthem BlueCross BlueShield and about a year ago, maybe more, they were hacked and I received mail stating that me & my family’s info was leaked. They offered 2 years of identity protection for free but I’m sure the hackers wait at least that amount of time before doing anything. I hope my info isn’t in there. :-(

    • ThatOnePerson

      That is why i don’t want and hope that i won’t have to live in the U.S. You risks getting your private/sensitive information exposed the most. Since U.S fullz are so easy to get that they only sell for a buck or two. And luckily, I am not living in the U.S so…. :)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *