News reports indicate that a computer hacker going by the name “thedarkoverlord” is selling 655,000 patient records on line in a “dark web marketplace.” The records include patient names, Social Security Numbers, dates of birth, race and gender, insurance information and addresses.
The hacker targeted three health care organizations and obtained the records through a vulnerability in the organizations’ remote desktop protocol (RDP). RDP allows employees to access computers while out of the office. The organizations were allegedly located in Missouri, Central/Midwest US and Georgia.
All employers should review their security practices for both in-office network access and RDP.