A hacker going by the name thedarkoverlord has reportedly obtained the health records of about 655,000 patients and is offering to sell the information for anywhere from 151 bitcoins to 607 bitcoins, the equivalent of approximately $100,000 to approximately $395,000.
The hacker told DeepDotWeb he used "a very particular bug" to exploit three healthcare organizations, which remain unknown. The hacker provided DeepDotWeb with images of the database hack from its internal network, eliminating any identifiable information so the targeted organizations remains anonymous.
The hacker said one database comes from Farmington, Mo., and contains information on 48,000 patients. Another database comes from the Central/Midwest region of the U.S., containing information on 210,000 patients, and the third is from a Georgia organization and contains information on 397,000 patients.
The hacker also spoke with Motherboard, saying the monetary demands are "a modest amount compared to the damage that will be caused by the organizations when I decide to publicly leak the victims." The hacker claims to have already sold $100,000 worth of records from the Georgia database.
In comments to DeepDotWeb, the hacker requested to say the following to the breached companies: "Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come."
Information in the database reportedly includes names, addresses, Social Security numbers, birth dates and insurance information, according to Motherboard.
The hacker accessed each of the databases using "readily available plaintext usernames and passwords," he told DeepDotWeb.
More articles on data breaches:
12 latest healthcare data breaches
Healthcare is a win-win target for hackers
Kern County Mental Health Department reports potential PHI breach