Hacker claims to have 655,000 health care records for sale

The intruder is holding three organizations for ransom.

Reuters/Tami Chappell

Hackers are getting all too creative in their bids to hold health care data for ransom. An intruder is selling records for 655,000 patients from three US health care organizations (in Atlanta, the central US and Farmington, Missouri) on the Dark Web as part of a ransom attempt. Details of what happened aren't clear, but the hacker claims to have exploited flaws in the Remote Desktop Protocol to perpetrate the heists. Also, this person maintains to DeepDotWeb that the companies had a chance to "make it go away" for a "small fee," but didn't -- the sale is upping the ante.

The culprit is telling Motherboard that there are already prospective buyers for the authentic (if possibly outdated) info, which is selling for between $100,000 to $411,000 in bitcoins. Either way, the incident highlights the increasing dangers of lax security for health care records. In all three breaches, the organizations' internal networks were not only accessible, but stored login details in plain text -- these were entirely avoidable incidents. Until security is more of a priority, stunts like this could easily happen again.