DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Anyone know what healthcare facilities these are? 655,000 patient records up for sale on dark net (UPDATED)

Posted on June 26, 2016 by Dissent

Seen up for sale on a forum (I’m redacting the ads and samples):

Healthcare Database (48,000 Patients) from Farmington, Missouri, United States

This product is a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.

Format: Record #,Pat.Act.#,Active,Last Name,First Name,MI,Suf.,Address Line 1,Address Line 2,City,State,Zip,SSN,DOB,Sex,Mar.,Stu.,Email,Home Phone,Work Phone,Cell Phone

Sample: 34441,344416,TRUE,Andrews,Amy,,,[redacted],Fredericktown,MO,63645,[redacted],[redacted],F,D,N,,[redacted] ,( ) – ,( ) –

Statistics:
Total Records Count: 47,864
DOB 1890-1934: 5,650
DOB 1935-1989: 38,136
DOB 1990-1997: 2,783
DOB 1998-2015: 1,295

Database (210,000 Patients) from Central/Midwest United States

This product is a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.

Format: SSN,FIRST NAME,MI,LAST NAME,SEX,DOB,ADDRESS

Sample: [redacted] ,MARLO,O,RIVERA,M,[redacted],[redacted],OKLAHOMA CITY OK 73170

Statistics:
Total Records Count: 207,572
DOB 1890-1934: 39,412
DOB 1935-1989: 135,387
DOB 1990-1997: 18,396
DOB 1998-2015: 14,377

Healthcare Database (397,000 Patients) from Atlanta, Georgia, United States

This ad was mistakenly including the data from the previous ad, but I suspect/fear that it will be corrected. (Updated: here’s the correct info from their ad, redacted by me):

This product is a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.

Raw Format: “/Today”,”/TodayLong”,”/PrimaryHealthInsCo”,”/PrimaryHealthInsType”,”/SecondaryHealthInsCo”,”/SecondaryHealthInsType”,”/Address1″,”/Address2″,”/Age”,”/AnAge”,”/AgeSingular”,”/DOB”,”/CellPhone”,”/City”,”/Email”,”/Fax”,”FName”,”FNameCaps”,”LName”,”/MI”,”LNameCaps”,”/NamePrefix”,”/NameSuffix”,”/Note”,”/personid”,”/Phone”,”/PhoneExtension”,”/WorkPhone”,”/WorkPhoneExtension”,”/Race”,”/Sex”,”man/woman”,”male/female”,”male/femaleFirstCap”,”he/she”,”he/sheFirstCap”,”him/her”,”his/her”,”his/herFirstCap”,”boy/girl”,”son/daughter”,”grandson/granddaughter”,”/SharedID”,”/SSNO”,”/State”,”/JobTitle”,”/Zip”,”/UDF1″,”/UDF2″,”/UDF3″,”/UDF4″,”/UDF5″,”/UDF6″,”/UDF7″,”/UDF8″,”/UDF9″,”/UDF10″,”/PriDrPersonID”,”/PriUDF1″,”/PriUDF2″,”/PriUDF3″,”/PriUDF4″,”/PriUDF5″,”/PriUDF6″,”/PriUDF7″,”/PriUDF8″,”/PriUDF9″,”/PriUDF10″,”/PriDrAlias”,”/PriDrFirst”,”/PriDrLast”,”/PriDrNamePrefix”,”/PriDrNameSuffix”,”/PriNote”,”/PriDrAddr1″,”/PriDrAddr2″,”/PriDrPhoneExtension”,”/PriDrEmail”,”/PriDrCellPhone”,”/PriDrFax”,”/PriDrPhone”,”/PriDrZip”,”/PriDrState”,”/PriDrCity”,”/PriNPI”,”/RefPersonID”,”/RefDrAddr1″,”/RefDrAddr2″,”/RefDrCity”,”/RefDrFirst”,”/RefDrLast”,”/RefDrNamePrefix”,”/RefDrNameSuffix”,”/RefNote”,”/RefDrPhone”,”/RefDrPhoneExtension”,”/RefDrEmail”,”/RefDrCellPhone”,”/RefDrFax”,”/RefDrState”,”/RefDrZip”,”/RefUDF1″,”/RefUDF2″,”/RefUDF3″,”/RefUDF4″,”/RefUDF5″,”/RefUDF6″,”/RefUDF7″,”/RefUDF8″,”/RefUDF9″,”/RefUDF10″,”/RefNPI”,”/PRIMINSPOLICYID”,”/PRIMINSGROUPID”,”/SECONDARYINSPOLICYID”,”/SECONDARYINSGROUPID” Refined Format: /PrimaryHealthInsType,/PrimaryHealthInsCo,/PRIMINSPOLICYID,/PRIMINSGROUPID,/SecondaryHealthInsType,/SecondaryHealthInsCo,/SECONDARYINSPOLICYID,/SECONDARYINSGROUPID,/Address1,/Address2,/Age,/DOB,/CellPhone,/City,/Email,FNameCaps,/MI,LNameCaps,/NamePrefix,/Phone,/WorkPhone,/Sex,/SSNO,/State,/Zip

Refined Sample:

PRIMARY,Cigna Healthcare,U04197556,2461898,SECONDARY,UGA Athletic Dept.,[redacted],[redacted] ,,27y,[redacted],,Atlanta,,[redacted],,[redacted],,F,[redacted],GA,30327

Statistics:

Total Records Count: 396,458

The most common Healthcare Insurance is ‘Blue Cross Blue Shield’ The second most common Healthcare Insurance is ‘United Healthcare’ The plaintext database file is over 200MB in size Ownership of this database will be exclusive and only a single copy will be sold. This has not been leaked anywhere and it has not yet been abused. If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM. Only serious offers will be entertained.

If anyone knows whose databases these are, you might want to give them a call to give them a heads-up. Or send me an email if you recognize the entity and the table headings. I tried working from the samples, but the first one’s home phone number, not shown in the sample, is no longer in service. And the individual in the second sample appears to be currently incarcerated, so I’m unlikely to reach him.

UPDATE: the seller, TheDarkOverlord, gave DeepDotWeb screenshots from the databases, and it appears that at least one of the hacked entities is using SRS EHR v.9 patient management software.

The seller also added a note to the hacked entities:

Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.

UPDATE: I subsequently had a private chat with The DarkOverlord about these hacks. You can read some of what he told me in my report today on The Daily Dot.

Category: ExposureHackHealth DataOf NoteOtherU.S.

Post navigation

← Is LookBook aware?
TalkTalk being sued by hacked customer →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.