Hacker claims to have 655,000 health care records for sale

The intruder is holding three organizations for ransom.

Sponsored Links

Reuters/Tami Chappell
Reuters/Tami Chappell

Hackers are getting all too creative in their bids to hold health care data for ransom. An intruder is selling records for 655,000 patients from three US health care organizations (in Atlanta, the central US and Farmington, Missouri) on the Dark Web as part of a ransom attempt. Details of what happened aren't clear, but the hacker claims to have exploited flaws in the Remote Desktop Protocol to perpetrate the heists. Also, this person maintains to DeepDotWeb that the companies had a chance to "make it go away" for a "small fee," but didn't -- the sale is upping the ante.

The culprit is telling Motherboard that there are already prospective buyers for the authentic (if possibly outdated) info, which is selling for between $100,000 to $411,000 in bitcoins. Either way, the incident highlights the increasing dangers of lax security for health care records. In all three breaches, the organizations' internal networks were not only accessible, but stored login details in plain text -- these were entirely avoidable incidents. Until security is more of a priority, stunts like this could easily happen again.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget