Tuesday, March 5, 2019
An estimated 10 Million Healthcare records up for sale on the Darknet

A hacker named Thedarkoverlord has been found offering a fresh haul of 9.2 million patient documents on a Darknet marketplace for 750 Bitcoin (around $477,000).

The hacker is advertising the plaintext 2GB database as including names, addresses, phone numbers, emails, dates of birth and Social Security Numbers (SSNs) belonging to 9,278,352 Americans. They allege that the information was lifted using a zero-day exploit for Remote Desktop Protocol (RDP).

The database is listed on The Real Deal site, and the hacker states, “This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States. Ownership of this database will be exclusive and only a single copy will be sold.”

“This has not been leaked anywhere and it has not yet been abused. If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM. Only serious offers will be entertained.”

IBTimes, which first reported the news, noted that the authenticity of the database has not been verified.

The same hacker also listed a different healthcare database which contained over 600,000 records. He claimed to have sold it for $100,000.

These aren’t the only sales coming from the account. Records of over 210,000 patients from Oklahoma City, Oklahoma, 397,000 from Atlanta, Georgia, and 48,000 from Farmington, Missouri are also for sale. All databases contain full names, addresses and SSNs.

So, given the law of supply and demand, the healthcare sector is expected to remain every hacker’s preferred cash cow for the moment. But the nature of the data at stake also makes these organizations ripe for ransom.

The breached data apparently comes from a variety of healthcare organizations distributed around the United States. The hacker stated that he has threatened each with a ransom demand, and is therefore not identifying whom he hacked, for now.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.