A hacker who claimed to have stolen databases from three U.S. healthcare organizations, and who advertised more than 650,000 patient records for sale on the Dark Net, increased that number today to a staggering 9.3 million.
The hacker, who goes by the name of "thedarkoverlord," is also holding the records for ransom, asking the as-yet-unnamed healthcare organizations to pay $100,000, $205,000 and $411,000 for the first three databases, according to two published reports.
Dissent Doe, a security researcher, stated in a blog that the hacker is requesting an additional 750 Bitcoins, valued at nearly $500,000, for the fourth database, which contains patient information including names, addresses, phone and Social Security numbers.
The hacker has described the databases as coming from Farmington, Mo. (48,000 patients), the central/midwest states (210,000 patients), Georgia (397,000 patients) and a "large insurance healthcare organization in the United States" (9.3 million).
"It was retrieved using a 0day [attack] within the RDP protocol that gave direct access to this sensitive information," the hacker stated in an online post.
"The total is staggering," said Dean Sysman, CTO and co-founder of Cymmetria, a private American network security company. "This new slate of breached records shows that the hacker has been able to breach across organizations and especially within them using lateral movement across those providers."
The data breach and subsequent online sale were originally reported by the news site Deep Dot Web; patient records include those of Blue Cross Blue Shield.
The hacker claimed to have already sold $100,000 worth of records from the Georgia healthcare organization, according to the online publication Motherboard.
Motherboard, which claimed it spoke with the hacker, said it was provided with a sample of 30 patient records, which it used to confirm the patients' identities by calling them on phone numbers provided in the records.
"Someone wanted to buy all the Blue Cross Blue Shield insurance records specifically," the hacker told the publication. The hacker went on to say that the ransoms he was requesting from the healthcare organizations were "modest" amounts "compared to the damage that will be caused to the organizations when I decide to publicly leak the victims."