Hacker Selling Patient Records

Posted by BAS - 30 June, 2016


News reports indicate that a computer hacker going by the name “thedarkoverlord” is selling 655,000 patient records on line in a “dark web marketplace.”  The records include patient names, Social Security Numbers, dates of birth, race and gender, insurance information and addresses. 

The hacker targeted three health care organizations and obtained the records through a vulnerability in the organizations’ remote desktop protocol (RDP).  RDP allows employees to access computers while out of the office.  The organizations were allegedly located in Missouri, Central/Midwest US and Georgia. 

All employers should review their security practices for both in-office network access and RDP.

Recent Posts

Question of the Week - FSA Carryovers and COBRA

read more

Prioritizing Security in HR Practices

read more

Manage Employee Contacts In MyEnroll

read more