Hacker Offers 655,000 Stolen Health Records for Sale

Hacker Offers 655,000 Stolen Health Records for Sale

The Centers for Medicare & Medicaid Services (CMS) recently learned of a potential security breach in which a hacker is offering for sale 655,000 records of orthopedic patients, according to an MLN Matters Special Edition Article (SE1616).

A hacker that goes by the name “thedarkoverlord” claims to be in possession of the healthcare records, according to HotHardware. The breach was first reported by DeepDotWeb, which has exclusive screenshots of some of the records provided by “thedarkoverlord” to prove the legitimacy of his dastardly deed.

Hacker Hits Midwest, Georgia

The stolen records span much of the country, with 48,000 coming from Farmington, Missouri (later revealed to be from Midwest Orthopedic Clinic); 210,000 from the Central/Midwest states; and 397,000 from Georgia, reports HotHardware. The records include Social Security and insurance policy numbers. The hacker is reportedly selling the records for Bitcoins, at a U.S. dollar equivalent of approximately $1 per name.

The hacker himself requested DeepDotWeb add a note to their online report, directed to the breached companies:

“Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

Of course, HIPAA-covered entities put a lot more on the line if they kowtow to such threats. “What we can hope for at this point is that the affected hospitals (and patients) get notified about the breach as quickly as possible,” writes HotHardware reporter Rob Williams.

CMS Reacts

Meanwhile, CMS reminds HIPAA-covered entities of their duty to notify the Secretary of the U.S. Department of Health and Human Services if a breach of unsecured protected health information belonging to them or a business associate is discovered. See 45 CFR Section 164.408 for breach notification guidelines.

Two days after this story broke, DeepDotWeb reported the “thedarkoverlord’s” claim of hacking into a U.S. healthcare insurance database containing no less than 9.3 million patient records.

dec-clearance-sale

Renee Dustman

Renee Dustman

Renee Dustman is executive editor at AAPC. She has a Bachelor of Science degree in Journalism and a long history of writing just about anything for just about every kind of publication there is or ever has been. She’s also worked in production management for print media, and continues to dabble in graphic design.
Renee Dustman

Latest posts by Renee Dustman (see all)

About Has 428 Posts

Renee Dustman is executive editor at AAPC. She has a Bachelor of Science degree in Journalism and a long history of writing just about anything for just about every kind of publication there is or ever has been. She’s also worked in production management for print media, and continues to dabble in graphic design.

Leave a Reply

Your email address will not be published. Required fields are marked *