Security nightmare this Halloween as DarkOverLord continues data breach attack

Posted by Geraldine Hunt on Thu, Oct 27th, 2016

Following a data breach the data if often sold on the dark web. I was telling a friend of mine the other day about the dark web, that sinister place where dastardly deeds are performed and forbidden goods and services are sold and exchanged.  As we approach Halloween this was a very suitable tale. After listening to my dialog he responded, “I really wish you hadn’t told me about the dark web.  I don’t like knowing that a place like that really exists.”

Murder for hire on the dark web

But it does exist and it is a dark ominous place.  You may not find Lord Voldermort and his Death Eaters lurking there, but you will find the calling cards and loot of thousands of hackers and cyber criminals from every corner of the globe.  Stolen credit cards, patient health information, drugs, murder for hire, counterfeit money, you name it, it is there.  It is being advertised on the dark web, seeking interested buyers who are willing to purchase these illicit goods and services in exchange for a price that is payable only in bitcoins.  Forbes Magazine published an article dedicated to the illegitimate things available on the dark web on 12/15/2015 entitled, “The Things You Can Buy on the Dark Web Are Terrifying.”

So what is the Dark Web?

Well, the traditional web as most of us know it, the place where we check our email, examine the weather forecast and buy from Amazon is known as the Clear Web.  Here is the kicker.  It only makes up 4% of the Internet!  The other 96% is referred to as the Deep Web, a vast area of the Internet that is inaccessible to traditional search engines.  The majority of the Deep Web is legitimate space.  It is made up of secure areas that are confined to select organizations or data catalogs that demand some type of membership access.  The data of many scientific organizations such as NASA comprise the deep web.

DarkOverLord Breaches

But there is a small sector of the deep web called the dark web.  It’s not a place you want to find yourself, and it definitely is a place you don’t want to find your patient health records.  Unfortunately, over 655,00 people have discovered just that thanks to a trio of data breaches over the summer months.  The breach was conducted by a hacker or hacker group using the name, “The DarkOverLord,” a former ransomware expert who has now chosen pursue the high stakes game of stealing patient health information records or PHI.  The breach was discovered when the DarkOverLord contacted the three health organization involved to alert them that their patient databases had been captured and that samples had been posted on a site called RealDealMarket, a unscrupulous site on the dark web where cybercriminals sell everything from stolen credit cards to drugs. 

The data breach included the following:

48,000 patient records from a clinic in Farmington, Missouri, United States.  The records were acquired from a Microsoft Access Database in plain text. 
210,000 patient records from clinic in the central Midwest United States that was captured in plain text.  The records include Social Security numbers, first and last names, middle initial, gender, date of birth, and postal address
The largest breach was a database of 397,000 records from a large clinic based in Atlanta, Georgia which also included, including primary and secondary health insurance and policy numbers.  Like the other incidents, the data was not encrypted.

The DarkOverLord Ransoms 655,000 Patient Records on the Dark Web

The DarkOverLord is demanding a ransom of $1 per record from each of the organizations and has assigned a separate deadline to each victimized organization.  If his demands are not met by those dates, the records will then be sold to multiple buyers.  The hacker claims that he contacted all three organizations prior to stealing the patient records to inform them that he had breached their networks and was asking for funds to inform them of their vulnerabilities but heard nothing.  “Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer,” The Dark Overlord said in an interview to a news site that reports on the hacking community.

All three clinics contacted their patients to alert them of the breach and the impending risk of identity theft.  In the case of the Atlanta-based firm, local police have already begun documenting police reports from patient victims reporting that their credit has been compromised.  All three organizations must now suffer major hits to their credibility and reputation and impending lawsuits will undoubtedly be coming soon.    According to a study in 2016 by the Ponemon Institute, the average cost per stolen record in the United States healthcare industry is $355 and $158 globally. 

This Halloween, we all have a lot more to be afraid of than mere ghosts and goblins.  What we really have to fear is our personal data information being peddled off to the highest bidder in that unscrupulous place called the dark web.