MORE THAN 600,000 MEDICAL RECORDS FOR SALE ON THE DEEP WEB


Healthcare Database (48,000 Patients) from Farmington, Missouri, United States – “a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords”

(DeepDotWeb) - An individual (or individuals) offering more than six hundred thousand clinical records and related documentation on the deep web says that he acquired those files after discovering a weakness in protocols, specifically in how businesses implement remote desktop functionality.

The hacker, also known as The Dark Over Lord, says that various reputable healthcare institutions were infiltrated, and that they got away with a list containing information on hundreds of thousands of patients from each of these organizations.

According to the hacker, one list of more than forty thousand patients was discovered in plain text; it was obtained from a Microsoft Access database, which had simple usernames and passwords. The remaining lists contained more details than the previous one: information on more than six hundred thousand patients. They were found in an institution based in the central United States; the other organization is based in the southeastern part of the United States. Both remaining lists were also found in plain text, and a misconfiguration of the networks allowed the access.

The hacker himself requested to add a note to the breached companies:

Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.

Image Source: The Deep Dot Web – A screenshot of a website selling a database of more than 48,000 patients.

Furthermore, after exploiting the database and informing the companies that their systems were vulnerable, the hacker asked if they would pay him for finding the vulnerabilities, which they refused to do. As a result, the individual is offering the data at a high price; the listings start from 151 BTC, roughly $100,421.04 (as of 21st July), and go up to 607 BTC, roughly $403,679.28 (as of 21st July). Prices may vary depending upon the exchange rates.

The data is offered for purchase on The Real Deal website, the same site where login credentials for MySpace and Vkontakte were sold. The Dark Over Lord says that they have been offered some hefty prices and have sold data worth more than a hundred thousand dollars. One chunk of the information that was sold came from the organization belonging to Blue Cross Blue Shield.

Healthcare Database (210,000 Patients) from Central/Midwest United States – “a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”

Image Source: The Deep Dot Web – A screenshot of a website selling a database of more than 210,000 patients.

However, a few months ago, hackers aimed their talents at corporate systems running remote desktop protocols. After discovering such systems, they brute-forced the machines that used weak passwords in order to distribute the Bucbi ransomware (part of the Trojan family, with the ability to destroy your operating system as well as the hardware itself), which was there solely to collect debit or credit card information.

Healthcare Database (397,000 Patients) from Georgia, United States – “a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”

Image Source: The Deep Dot Web – A screenshot of a website selling a database of more than 397,000 patients.

The strategies used by this hacker can serve as a model for the future of ransomware and for the development of other hybrid Trojans. The attacker diminishes the value of backups for the target: restoring files from a backup does not fix the problem when the attacker holds a copy of the data. Naturally, this pushes the victim toward the decision to pay, in order to recover their important data and not have their information leaked online. For companies, this can lead to murky waters of lawsuits and a discredited reputation.
