Hacker says selling records on dark web 'furthering the enhanced security' of healthcare

Cybersecurity

A hacker who is offering up medical records for sale on the dark web says he feels no guilt about his actions, adding that what he is doing is “furthering the enhanced security and development of new protections."

The hacker spoke anonymously with HealthcareInfoSecurity.com’s Jeremy Kirk over encrypted instant messaging, Kirk writes in a post for the website.

Earlier this week, it was reported that health records for up to 10 million people were up for sale on TheRealDeal market. Information for 9.3 million people, from a health insurance database, went up for sale on TheRealDeal for 750 bitcoin ($485,000) on Tuesday. The hacker, two days earlier, put records for roughly 655,000 patients across three hospitals for sale online.

Kirk, in his post, notes that it is hard to verify much of what the hacker has told him, but that he revealed some steps taken to gain access to records at a small orthopedic clinic.

The hacker tells Kirk he copied the clinic's Microsoft Access databases and is currently asking for about $39,000 in ransom by late next week. Kirk adds that the hacker shared with him roughly 47,800 records that he obtained from the clinic. The journalist was able to confirm with some patients that they had indeed visited the clinic.

In the wake of this new kind of attack, the healthcare industry is on high alert as such threats continue to evolve.

To learn more:
- here's the HealthcareInfoSecurity.com post