Another 655,000 healthcare records have gone up for sale on the Dark Web.
The hacker responsible goes by the name “thedarkoverlord,” and purportedly already sold some of the data for $100,000.
“The hack carried out by ‘thedarkoverlord’ is a poignant reminder of just how valuable healthcare information is on the black market,” said Vishal Gupta, CEO of Seclore, via email. “According to the hacker, some of the healthcare records have already sold for $100,000. To put that in perspective, the individual behind the LinkedIn breach tried to sell 117 million compromised passwords for only $2200.
When all is said and done, this breach could net ‘thedarkoverlord’ upwards of a half a million dollars, which is why healthcare organizations are so heavily targeted by cyber-criminals.
“Until companies are able to reduce the value of their sensitive information by applying persistent data-centric security solutions, the healthcare industry will continue to be every hacker’s favorite cash cow,” said Gupta.
According to Deep Dot Web, the breaches come from three different healthcare organizations: one in Farmington, Mo. with 48,000 records; another in Atlanta, Ga. with 397,000 entries, and the third in the Central/Midwest US with 210,000 records. Thedarkoverlord said that he has threatened each with a ransom demand, and is therefore not naming names—for now.
“A modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims,” thedarkoverlord said, adding that “Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically.”
Overall, breaches in healthcare are costing the industry $6.2 billion per year, according to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, conducted by Ponemon Institute and sponsored by ID Experts. They remain consistently high in terms of volume, frequency, impact and cost.
A full 89% of healthcare organizations and 60% of their business associates have experienced data breaches over the past two years. And 79% of healthcare organizations experienced multiple data breaches (two or more) in that time period—up 20% since 2010.
Photo © mikser45