DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Anyone know what healthcare facilities these are? 655,000 patient records up for sale on dark net (UPDATED)

Posted on June 26, 2016 by Dissent

Seen up for sale on a forum (I’m redacting the ads and samples):

Healthcare Database (48,000 Patients) from Farmington, Missouri, United States

This product is a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.

Format: Record #,Pat.Act.#,Active,Last Name,First Name,MI,Suf.,Address Line 1,Address Line 2,City,State,Zip,SSN,DOB,Sex,Mar.,Stu.,Email,Home Phone,Work Phone,Cell Phone

Sample: 34441,344416,TRUE,Andrews,Amy,,,[redacted],Fredericktown,MO,63645,[redacted],[redacted],F,D,N,,[redacted] ,( ) – ,( ) –

Statistics:
Total Records Count: 47,864
DOB 1890-1934: 5,650
DOB 1935-1989: 38,136
DOB 1990-1997: 2,783
DOB 1998-2015: 1,295

Database (210,000 Patients) from Central/Midwest United States

This product is a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.

Format: SSN,FIRST NAME,MI,LAST NAME,SEX,DOB,ADDRESS

Sample: [redacted] ,MARLO,O,RIVERA,M,[redacted],[redacted],OKLAHOMA CITY OK 73170

Statistics:
Total Records Count: 207,572
DOB 1890-1934: 39,412
DOB 1935-1989: 135,387
DOB 1990-1997: 18,396
DOB 1998-2015: 14,377

Healthcare Database (397,000 Patients) from Atlanta, Georgia, United States

This ad was mistakenly including the data from the previous ad, but I suspect/fear that it will be corrected. (Updated: here’s the correct info from their ad, redacted by me):

This product is a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.

Raw Format: “/Today”,”/TodayLong”,”/PrimaryHealthInsCo”,”/PrimaryHealthInsType”,”/SecondaryHealthInsCo”,”/SecondaryHealthInsType”,”/Address1″,”/Address2″,”/Age”,”/AnAge”,”/AgeSingular”,”/DOB”,”/CellPhone”,”/City”,”/Email”,”/Fax”,”FName”,”FNameCaps”,”LName”,”/MI”,”LNameCaps”,”/NamePrefix”,”/NameSuffix”,”/Note”,”/personid”,”/Phone”,”/PhoneExtension”,”/WorkPhone”,”/WorkPhoneExtension”,”/Race”,”/Sex”,”man/woman”,”male/female”,”male/femaleFirstCap”,”he/she”,”he/sheFirstCap”,”him/her”,”his/her”,”his/herFirstCap”,”boy/girl”,”son/daughter”,”grandson/granddaughter”,”/SharedID”,”/SSNO”,”/State”,”/JobTitle”,”/Zip”,”/UDF1″,”/UDF2″,”/UDF3″,”/UDF4″,”/UDF5″,”/UDF6″,”/UDF7″,”/UDF8″,”/UDF9″,”/UDF10″,”/PriDrPersonID”,”/PriUDF1″,”/PriUDF2″,”/PriUDF3″,”/PriUDF4″,”/PriUDF5″,”/PriUDF6″,”/PriUDF7″,”/PriUDF8″,”/PriUDF9″,”/PriUDF10″,”/PriDrAlias”,”/PriDrFirst”,”/PriDrLast”,”/PriDrNamePrefix”,”/PriDrNameSuffix”,”/PriNote”,”/PriDrAddr1″,”/PriDrAddr2″,”/PriDrPhoneExtension”,”/PriDrEmail”,”/PriDrCellPhone”,”/PriDrFax”,”/PriDrPhone”,”/PriDrZip”,”/PriDrState”,”/PriDrCity”,”/PriNPI”,”/RefPersonID”,”/RefDrAddr1″,”/RefDrAddr2″,”/RefDrCity”,”/RefDrFirst”,”/RefDrLast”,”/RefDrNamePrefix”,”/RefDrNameSuffix”,”/RefNote”,”/RefDrPhone”,”/RefDrPhoneExtension”,”/RefDrEmail”,”/RefDrCellPhone”,”/RefDrFax”,”/RefDrState”,”/RefDrZip”,”/RefUDF1″,”/RefUDF2″,”/RefUDF3″,”/RefUDF4″,”/RefUDF5″,”/RefUDF6″,”/RefUDF7″,”/RefUDF8″,”/RefUDF9″,”/RefUDF10″,”/RefNPI”,”/PRIMINSPOLICYID”,”/PRIMINSGROUPID”,”/SECONDARYINSPOLICYID”,”/SECONDARYINSGROUPID” Refined Format: /PrimaryHealthInsType,/PrimaryHealthInsCo,/PRIMINSPOLICYID,/PRIMINSGROUPID,/SecondaryHealthInsType,/SecondaryHealthInsCo,/SECONDARYINSPOLICYID,/SECONDARYINSGROUPID,/Address1,/Address2,/Age,/DOB,/CellPhone,/City,/Email,FNameCaps,/MI,LNameCaps,/NamePrefix,/Phone,/WorkPhone,/Sex,/SSNO,/State,/Zip

Refined Sample:

PRIMARY,Cigna Healthcare,U04197556,2461898,SECONDARY,UGA Athletic Dept.,[redacted],[redacted] ,,27y,[redacted],,Atlanta,,[redacted],,[redacted],,F,[redacted],GA,30327

Statistics:

Total Records Count: 396,458

The most common Healthcare Insurance is ‘Blue Cross Blue Shield’ The second most common Healthcare Insurance is ‘United Healthcare’ The plaintext database file is over 200MB in size Ownership of this database will be exclusive and only a single copy will be sold. This has not been leaked anywhere and it has not yet been abused. If you are interested in purchasing this database and would like to make an offer other than what is listed, send a PM. Only serious offers will be entertained.

If anyone knows whose databases these are, you might want to give them a call to give them a heads-up. Or send me an email if you recognize the entity and the table headings. I tried working from the samples, but the first one’s home phone number, not shown in the sample, is no longer in service. And the individual in the second sample appears to be currently incarcerated, so I’m unlikely to reach him.

UPDATE: the seller, TheDarkOverlord, gave DeepDotWeb screenshots from the databases, and it appears that at least one of the hacked entities is using SRS EHR v.9 patient management software.

The seller also added a note to the hacked entities:

Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.

UPDATE: I subsequently had a private chat with The DarkOverlord about these hacks. You can read some of what he told me in my report today on The Daily Dot.

No related posts.

Category: ExposureHackHealth DataOf NoteOtherU.S.

Post navigation

← Is LookBook aware?
TalkTalk being sued by hacked customer →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy
  • 70% of healthcare cyberattacks result in delayed patient care, report finds
  • Police disrupt “Diskstation” ransomware gang attacking NAS devices
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.