The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on Wednesday.
These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools.
To make matters worse, the amount of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.
The hacker finds the records by simply searching for “patients,” and the search returns entire databases left exposed. DataBreaches said the hacker pointed to these organizations using outdated or free software. Further, many of the records were of former patients and therefore didn’t need to be online.
Patient records of children are in high-demand on the dark web, according to ICIT Senior Fellow James Scott.
These complete medical records can be sold on the Dark Web for abut $500 to $1,200, which depends on how much information is included and the market type, a September ICIT report found. The criminal can build a fake identity from the child’s information, as many breach records take a long time to be discovered.
Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com