Three Hacked Hospital Databases Up For Sale On Deep Web

A new week has started, which also means there is a brand new data breach to discuss. One hacker managed to obtain over 650,000 healthcare records using an exploit in the Remote Desktop Protocol used by an institution. Although it remains unclear as to which hospital was attacked, this story goes to show how lackluster IT security keeps plaguing the healthcare industry.

Patient Records Up For Grabs

TheMerkle_Healthcare Databases Hacker

As one would come to expect from such a major data breach these days, the information is being sold on the deep web. TheRealDeal is a notorious marketplace among internet criminals, and he is willing to sell each of the three individual databases for a different price. Bitcoin is, of course, the method of payment for this type of information.

One of the databases contains 48,000 patient records from Farmington, Missouri. All of the information in this database was natively stored in plain text. Allegedly, the hacker retrieved it from a Microsoft Access database using common usernames and passwords. Not the best of security practices in the healthcare industry, to say the least. This database will cost users 151 Bitcoin to purchase.

The second largest database comes from a healthcare organization in the Central/Midwest US. It contains roughly 210,000 records and was stored on a misconfigured network. Similar to the first, the hacker managed to obtain this information by using plaintext usernames and passwords. Hospitals do not take their security seriously by any means.

The grand prize, however, is a list of information obtained from an institution in Georgia. With nearly 400,000 patient records – and a price tag of 607 Bitcoin – this is a treasure trove of information for those willing to spend big money on it. All of the information in this database was stored in plaintext as well.

Unfortunately, all of this paints a very worrisome picture for hospital IT security in general. Storing confidential information in plain text is not acceptable. Moreover, using horrible security measures through common usernames and passwords is one of the worst ideas. Something has to change sooner rather than later, as this may only be the tip of the iceberg of what is to come.

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.