In a report prepared for the U.S. Senate, two security researchers detail why electronic healthcare records (EHR) are being stolen. According to Symantec’s April 2016 Internet Security Threat Report, healthcare was the most targeted and most valuable sector in 2015. EHR hacking has grown immeasurably since then.
One entity in particular has been behind the majority of the EHRs compromised this year. The hacker or hackers operate under the pseudonym TheDarkOverlord (TDO) and sell hacked medical data on TheRealDeal marketplace. These attacks started making headlines in late June, when TDO released 655,000 records from three healthcare databases. TDO agreed to provide DeepDotWeb with exclusive images of databases from within the company’s internal network.
At the time of the DeepDotWeb exclusive, TDO had three listings on TheRealDeal marketplace, totalling 655,000 unique patient records. The listings were from three different healthcare companies in the US: Athens Orthopedic Clinic in Athens, GA; Midwest Orthopedic Pain and Spine in Farmington, Missouri; and a third that was never identified beyond being in Oklahoma City. According to TDO, the third company paid the ransom and had the database removed from TheRealDeal.