Summary
This chapter focuses on the various types of medical data that are found on the darknet. The illicit sale of this data highlights significant risks to patient privacy and the integrity of medical institutions. Let's first explore the value of medical records.
The price of medical data on the black market can vary widely and depends on several factors. Here are some general insights into what influences the pricing:
As for the price range, it can vary from a few dollars for a single record to thousands for extensive datasets. However, these figures fluctuate based on the market, the risk involved, and the factors mentioned above. Since the price depends on the type of data, the next chapter explores the different PHI data types you will find on the dark web.
Description: Individual patient records contain comprehensive personal health information (PHI). This can include a patient’s full name, date of birth, social security number, medical history, diagnostic information, treatment plans, prescription details, and insurance information.
Sources: These records are often obtained through data breaches in medical facilities, unauthorized access by healthcare personnel, or through phishing attacks targeting patients.
Usage: Such detailed information is valuable for identity theft and medical fraud, and can even be used for blackmail or personal attacks.
Prices and Examples: Fullz (“full information packages”) are sets of personal data sold by criminals on the dark web. They usually contain PII and sometimes also medical records. The price starts around 1 USD. Below is an extract of shop offers displayed in Kaduu.io:
In some cases, hackers use the abbreviation MR, which stands for “medical record”.
Medical data can also be obtained from physical documents like a “med card”. The starting price is USD 5.
Description: Entire databases from hospitals, clinics, or insurance companies are occasionally found for sale. These databases can include information on thousands or even millions of patients, encompassing all the data points found in single patient records, aggregated over a larger scale.
Acquisition: Large-scale data breaches are the primary source, involving sophisticated cyberattacks on vulnerable healthcare IT systems.
Implications: The sale of such databases poses a massive risk, as it exposes sensitive information of a large population, leading to widespread privacy violations and potential healthcare fraud on a massive scale.
Pricing: The price depends on the size and relevance. In some cases prices need to be negotiated; in other cases the price is visible in the forum.
Example: Fixed Price. Below is an example of a DB Kaduu discovered on November 20th, 2023:
It consists of:
The sale price is 1000 XMR, which is roughly 150 USD.
Example: Price not visible. Another example is this database from Yibang Health Industry Group. The price is only revealed upon contacting the seller.
In the example below, the hacker offers 630 GB of medical records but asks to be contacted.
Example: Small Price for viewing. Some hacker forums charge their users for viewing leaks. It is a small credit fee:
The credit allows the user to view a leak that is basically “public”:
Example: Free leak, but only for registered or active users. This is the most common form you will find on hacker forums or within ransomware leak sites. Only registered users or users that are active in the forum see the download link.
Here is an example of a healthcare leak that can only be viewed if you reply:
Below is an example of a free SQL healthcare DB found in a forum and indexed in Kaduu.io. In some cases, the DB doesn’t reveal PII, as patient records are matched with IDs:
In other cases all details are visible:
Description: This includes data from clinical trials, pharmaceutical research, and other medical studies. It encompasses patient records involved in the research, detailed descriptions of the study, and potentially even intellectual property related to pharmaceuticals or medical technology.
Mode of Theft: Often stolen through targeted cyberattacks on research institutions or pharmaceutical companies, sometimes involving insiders.
Potential Use: Could be used by competing companies or states for industrial espionage, to expedite their own research, or to undermine the original research entity’s efforts.
Description: Data specifically related to patients’ prescription histories and interactions with pharmacies. Includes information on medications prescribed, dosages, prescribing doctors, and pharmacy records.
Source: Often acquired through breaches of pharmacy chains or healthcare providers’ networks.
Exploitation: Can be used for prescription fraud, to create fake prescriptions, or to target patients for specific drug-related scams.
Description: Detailed records of patients’ medical billing and insurance claims. Includes insurance provider details, claims history, billing information, and payment records.
Acquisition Path: Breaches of insurance companies or healthcare billing departments are common sources.
Risks: Such information is prime for insurance fraud and can be used to create fake claims or for identity theft purposes.