Tag Archives: databreach

Hacker selling 655,000 patient records from 3 hacked healthcare organizations

A hacker is reportedly trying to sell more than half a million patient records, obtained from exploiting RDP, on a dark web marketplace.

A hacker going by “thedarkoverlord” is reportedly selling 655,000 patient records on a dark web marketplace; he claims to have three separate healthcare databases which include patients’ full names, Social Security numbers, dates of birth, addresses and more – data that could be used for identity theft and fraud.

The hacker claims to have exploited Remote Desktop Protocol (RDP) at three healthcare organizations in order to steal the databases. Thedarkoverlord told DeepDotWeb that “it is a very particular bug. The conditions have to be very precise for it.”

He also provided screenshots taken on June 13 as proof of the intrusions, showing the extent of sensitive patient information in the records. The databases contain Social Security numbers, patients’ full names, race and genders, addresses, dates of birth, phone numbers, insurance information and email addresses. That’s more than enough information for a thug to impersonate a victim to set up a line of credit or to take out a loan.

The databases being advertised on TheRealDeal marketplace allegedly include 48,000 patient records from a healthcare organization in Farmington, Missouri, another 210,000 records from Central/Midwest US, and 397,000 healthcare records from Georgia.

Although “thedarkoverlord” is offering “to sell a unique one-off copy of each of the three databases,” the hacker told Motherboard that he has already sold $100,000 worth of records from the Georgia organization. “Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically.”


The asking price for the full healthcare database with nearly 400,000 records from Georgia is 607.84 bitcoins, which at the time of writing is currently about $389,390. The hacker described it as “a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”

He wants 303.92 bitcoins, about $195,147, for 210,000 patient records from “a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”

As for the 48,000 records being sold for 151.96 bitcoins, about $97,574, he claims the plaintext database came from a healthcare organization in Farmington, Missouri. “It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”

If thedarkoverlord sells all three healthcare databases just once, then he would make about $682,110. If he also made $100,000 for the Blue Cross Blue Shield data, and only does that once, then he stands to make more than three-quarters of a million dollars for his criminal activities.

Hacker wants hush money, delivered ransom demand to each organization

The hacker is not revealing the names of the breached organizations yet, since he is trying to extort a ransom from them. He told Motherboard the ransom demand is “a modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims.”

Thedarkoverlord asked DeepDotWeb to include the following note for the breached companies:
“Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

Hard Rock Las Vegas suffers a second data breach

For the second time, the card-processing network was compromised

On Monday, Hard Rock Hotel & Casino in Las Vegas disclosed data breach, after malware was discovered on their card processing system. This is the second time the casino has had to report such an incident.

In a statement, Hard Rock said that on May 13, the resort started an investigation after receiving reports of fraudulent activity on cards used at their Las Vegas location. The investigators discovered unauthorized access to the card-processing network, and later discovered malware on the systems themselves.

The malware targeted card details such as the customer’s name, card number, expiration date, and internal verification codes. In other instances, the malware only obtained card data, but no names.

The breach timeline includes cards that were used at some restaurant and retail outlets between October 27, 2015 and March 21, 2016. It’s important to note, this incident only impacts the Hard Rock Hotel & Casino in Las Vegas.

Last year, in May, Hard Rock disclosed a similar data breach that impacted payment cards.

The compromised cards were used between September 3, 2014 and April 2, 2015, at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.

Given that this is the second data breach under similar circumstances, it looks as if the clean-up on the first incident didn’t catch everything.

Otherwise, the situation is worse from a security standpoint. This week’s disclosure could point to the fact that criminals were able to access the payment network a second time using the previous methods, or managed to find another way in.

Either way, the incident shows that the network was clearly left vulnerable to some degree, and criminals exploited this fact in just over five months.