Hacker claims to have obtained more than ten million health records and selling the data to the highest bidder on the dark web.
The seller, who goes by the name “thedarkoverlord” began listing the data over the weekend, but could not be immediately contacted on Monday.
The largest batch of data, which the seller claims to contain a little over 9.2 million health insurance records from US patients, is on sale for 750 bitcoins. At Monday’s rate, that’s about $486,000. The data includes names, addresses, emails, phone numbers, dates of birth and social security numbers. The hacker said the data was stolen by exploiting an disclosed zero-day flaw in the remote desktop protocol (RDP), which can allow a user to remotely view another user’s desktop. Another batch of data includes 207,000 records from an unnamed healthcare organization in the US midwest region, on sale for 170 bitcoins (about $110,100 at the time of writing).The seller also claims to have close to 397,000 records from members in Atlanta, Georgia — most of which are from Blue Cross Blue Shield and United Healthcare, which is being sold for 300 bitcoin (or about $194,000).