Healthcare workers' data sold on dark web, reports IntSights

The personal data of thousands of healthcare workers is being sold on the dark web, a new report has found. 

IntSights, a network security company owned by software firm Rapid7, has released a report detailing the security risks in the healthcare sector, including finding the information of multiple healthcare workers being sold on the dark web.

The  research found that in February 2021 the username “cesarbsfilho" offered to sell access to a Mongo database from a Brazilian hospital. The database included records for 198,926 patients and 4,646 employees -  along with their names, dates of birth, Brazilian taxpayer numbers, identity document numbers, and job descriptions. 

In April this year a threat actor named "KelvinSecTeam" offered to sell a database of 200,000 US doctors for as little as $500, which included names, street addresses, email addresses, phone numbers, specialties, and medical license numbers. 

IntSights threat intelligence also shows a market for the production of fraudulent digital COVID-19 testing and vaccination documents, operating in the US and in Europe. In many cases, these documents are being produced with the help of insiders, so they appear legitimate when verified. 

The research also looks at how the increased use of remote communication platforms, such as Zoom and Slack, as well as the rise of telehealth, have given attackers more opportunities to send malicious links and attachments to people working remotely, gaining access to their private communications.

IntSights' report concludes by saying that in this unprecedented era of advanced threats, healthcare and pharmaceutical organisations must prioritise security and use all the tools available to them to protect themselves from cyber threats.  

• To read the full report visit Intsights