DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Anyone know what healthcare facilities these are? 655,000 patient records up for sale on dark net (UPDATED)

Posted on June 26, 2016 by Dissent

Seen up for sale on a forum (I’m redacting the ads and samples):

Healthcare Database (48,000 Patients) from Farmington, Missouri, United States

This product is a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.

Format: Record #,Pat.Act.#,Active,Last Name,First Name,MI,Suf.,Address Line 1,Address Line 2,City,State,Zip,SSN,DOB,Sex,Mar.,Stu.,Email,Home Phone,Work Phone,Cell Phone

Sample: 34441,344416,TRUE,Andrews,Amy,,,[redacted],Fredericktown,MO,63645,[redacted],[redacted],F,D,N,,[redacted] ,( ) – ,( ) –

Statistics:
Total Records Count: 47,864
DOB 1890-1934: 5,650
DOB 1935-1989: 38,136
DOB 1990-1997: 2,783
DOB 1998-2015: 1,295

Database (210,000 Patients) from Central/Midwest United States

This product is a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.

Format: SSN,FIRST NAME,MI,LAST NAME,SEX,DOB,ADDRESS

Sample: [redacted] ,MARLO,O,RIVERA,M,[redacted],[redacted],OKLAHOMA CITY OK 73170

Statistics:
Total Records Count: 207,572
DOB 1890-1934: 39,412
DOB 1935-1989: 135,387
DOB 1990-1997: 18,396
DOB 1998-2015: 14,377

Healthcare Database (397,000 Patients) from Atlanta, Georgia, United States

This ad was mistakenly including the data from the previous ad, but I suspect/fear that it will be corrected. (Updated: here’s the correct info from their ad, redacted by me):

This product is a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.

Raw Format: “/Today”,”/TodayLong”,”/PrimaryHealthInsCo”,”/PrimaryHealthInsType”,”/SecondaryHealthInsCo”,”/SecondaryHealthInsType”,”/Address1″,”/Address2″,”/Age”,”/AnAge”,”/AgeSingular”,”/DOB”,”/CellPhone”,”/City”,”/Email”,”/Fax”,”FName”,”FNameCaps”,”LName”,”/MI”,”LNameCaps”,”/NamePrefix”,”/NameSuffix”,”/Note”,”/personid”,”/Phone”,”/PhoneExtension”,”/WorkPhone”,”/WorkPhoneExtension”,”/Race”,”/Sex”,”man/woman”,”male/female”,”male/femaleFirstCap”,”he/she”,”he/sheFirstCap”,”him/her”,”his/her”,”his/herFirstCap”,”boy/girl”,”son/daughter”,”grandson/granddaughter”,”/SharedID”,”/SSNO”,”/State”,”/JobTitle”,”/Zip”,”/UDF1″,”/UDF2″,”/UDF3″,”/UDF4″,”/UDF5″,”/UDF6″,”/UDF7″,”/UDF8″,”/UDF9″,”/UDF10″,”/PriDrPersonID”,”/PriUDF1″,”/PriUDF2″,”/PriUDF3″,”/PriUDF4″,”/PriUDF5″,”/PriUDF6″,”/PriUDF7″,”/PriUDF8″,”/PriUDF9″,”/PriUDF10″,”/PriDrAlias”,”/PriDrFirst”,”/PriDrLast”,”/PriDrNamePrefix”,”/PriDrNameSuffix”,”/PriNote”,”/PriDrAddr1″,”/PriDrAddr2″,”/PriDrPhoneExtension”,”/PriDrEmail”,”/PriDrCellPhone”,”/PriDrFax”,”/PriDrPhone”,”/PriDrZip”,”/PriDrState”,”/PriDrCity”,”/PriNPI”,”/RefPersonID”,”/RefDrAddr1″,”/RefDrAddr2″,”/RefDrCity”,”/RefDrFirst”,”/RefDrLast”,”/RefDrNamePrefix”,”/RefDrNameSuffix”,”/RefNote”,”/RefDrPhone”,”/RefDrPhoneExtension”,”/RefDrEmail”,”/RefDrCellPhone”,”/RefDrFax”,”/RefDrState”,”/RefDrZip”,”/RefUDF1″,”/RefUDF2″,”/RefUDF3″,”/RefUDF4″,”/RefUDF5″,”/RefUDF6″,”/RefUDF7″,”/RefUDF8″,”/RefUDF9″,”/RefUDF10″,”/RefNPI”,”/PRIMINSPOLICYID”,”/PRIMINSGROUPID”,”/SECONDARYINSPOLICYID”,”/SECONDARYINSGROUPID” Refined Format: /PrimaryHealthInsType,/PrimaryHealthInsCo,/PRIMINSPOLICYID,/PRIMINSGROUPID,/SecondaryHealthInsType,/SecondaryHealthInsCo,/SECONDARYINSPOLICYID,/SECONDARYINSGROUPID,/Address1,/Address2,/Age,/DOB,/CellPhone,/City,/Email,FNameCaps,/MI,LNameCaps,/NamePrefix,/Phone,/WorkPhone,/Sex,/SSNO,/State,/Zip

Refined Sample:

PRIMARY,Cigna Healthcare,U04197556,2461898,SECONDARY,UGA Athletic Dept.,[redacted],[redacted] ,,27y,[redacted],,Atlanta,,[redacted],,[redacted],,F,[redacted],GA,30327

Statistics:

Total Records Count: 396,458

The most common Healthcare Insurance is ‘Blue Cross Blue Shield’ The second most common Healthcare Insurance is ‘United Healthcare’ The plaintext database file is over 200MB in size Ownership of this database will be exclusive and only a single copy will be sold. This has not been leaked anywhere and it has not yet been abused. If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM. Only serious offers will be entertained.

If anyone knows whose databases these are, you might want to give them a call to give them a heads-up. Or send me an email if you recognize the entity and the table headings. I tried working from the samples, but the first one’s home phone number, not shown in the sample, is no longer in service. And the individual in the second sample appears to be currently incarcerated, so I’m unlikely to reach him.

UPDATE: the seller, TheDarkOverlord, gave DeepDotWeb screenshots from the databases, and it appears that at least one of the hacked entities is using SRS EHR v.9 patient management software.

The seller also added a note to the hacked entities:

Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.

UPDATE: I subsequently had a private chat with The DarkOverlord about these hacks. You can read some of what he told me in my report today on The Daily Dot.

Category: ExposureHackHealth DataOf NoteOtherU.S.

Post navigation

← Is LookBook aware?
TalkTalk being sued by hacked customer →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.