Hacker TheDarkOverlord stole more patient records, images than originally thought, InfoArmor reports
Cybercriminal broke into organizations on the HL7 network, the security firm has found, and has since put those records up for sale on the dark web.
Cybercriminal 'TheDarkOverlord' has gained access to more than 10 million healthcare records and posted them for sale on the dark web, security firm InfoArmor confirmed.
This number has increased from the 9.3 million estimate originally reported at the end of June.
What's surprising is that he or she has not just stolen personally identifiable information, but medical imaging obtained from exploiting security vulnerabilities in email software that supports HL7 and also organizations connected to the HL7 network, according to InfoArmor's CIO Andrew Komarov.
The concern is that many organizations believe this type of data cannot be monetized, Komarov explained. But the hacker is merely looking for the right illicit customer, who can use contact information from the patient data to deceive the victim.
Bad actors, in fact, have attempted to sell more than three terabytes of stolen healthcare data, according to Komarov, and the perpetrators have moved from exploiting healthcare organizations to targeting vendors.
"On all compromised systems, on traditional network encryption, there are no access control mechanisms," Komarov said. "It looks like the healthcare industry doesn't understand the full risks in regards to cybercrime."
In some cases, the hackers also gained access to all data stored in local files or on Microsoft Access desktop databases without special user access segregation; once the host was compromised, the cybercriminal gained widespread access.
To make matters worse, 'TheDarkOverlord' named two specific victims on his Twitter account, while thanking an Oklahoma City organization for what appears to be compliance with his or her terms. And this morning, he threatened that data of another SRS EHR database from California will be on the market soon.
"We know he is actively looking for new servers from the healthcare world," Komarov said, noting that the hacker employs tactics such as mass scanning of servers every day to exploit vulnerabilities and find specific healthcare information to monetize.
"He's not stopping with five or seven victims," Komarov added. "He has more and has consulted with other bad actors for advice for further distribution. That's what we expect from him."
This story first appeared in Healthcare Finance News.
Twitter: @JessiefDavis