Hacker Reportedly Infiltrates Three U.S. Healthcare Companies, Offers 650,000 Patient Records For Sale

It seems impossible for the world to go a single week without a major security breach, so to fill the inevitable void this week is a hacker that goes by the name "thedarkoverlord," who claims to be in possession of a staggering 655,000 healthcare records. Of course, he is looking to sell them off.

This latest records leak was first reported by Deep Dot Web, which has exclusive images to prove that the leak is real (one can be seen below). These images were not sourced by the website; rather, thedarkoverlord himself provided the images, probably as a way to build up some notoriety, and to flaunt the fact that the records are for sale to those who might be interested.

Medical Records Leak

The records the leaker is offering spans much of the country, with 48,000 records coming from Farmington, Missouri; 210,000 from Central/Midwest US, and 397,000 from Georgia. It's unfortunate that all we know about these records is the state they came from; there's no more specific information beyond that.

Perhaps the scariest thing about this leak is that the information includes social security and insurance policy numbers. With such information, havoc could certainly be wreaked. All of these affected patients are now at risk for identify fraud, which could lead to people taking out loans in their name, among other things.

Medical Records Leak Sale

The motives of thedarkoverlord are clear: these records are being sold for a mint. The largest database, which includes 397,000 patients, is being sold for 607 Bitcoin, which is roughly equivalent to $400,000 USD.

The hacker has even taken to the comments section of Deep Dot Web, showing no remorse for his actions, and in fact has even egged people on to make him an offer.

What we can hope for at this point is that the affected hospitals (and patients) get notified about the breach as quickly as possible. It's one thing to have a handful of people affected by something like identity theft, but hundreds of thousands? That's reason for extreme concern.