Hacking-for-hire groups have added healthcare sector to their portfolio of services on the dark Web, proving that medical data continues to be among the hottest commodities online.
Kaspersky’s research revealed that the base price has gone so cheap, depending on the type of breach or goods an anonymous customer requires.
The dark Web is made of anything that is not commonly indexed on the surface Web. To be able to get into this hidden part of the Web, a user should use a special software such as Tor. Tor stands for “the onion router” and is a method for anonymizing data.
Based on Kaspersky’s research, hospital and healthcare infiltrations are among the newest services being offered by anonymous hacking groups, alongside targeted attacks and cyberespionage against specific countries as well as infections to gain energy and maritime information.
“With the healthcare sector a bit lagging in terms of their cybersecurity capabilities, we observe that hacking groups are now off to exploit this fact by adding medical information and hospital attacks to their services list publicly available on the dark Web. Any organizations, individuals, and companies can be their potential customers since these cybercriminals are offering various services,” commented Seongsu Park, security researcher at Kaspersky.
Park also noted that medical records can be considered more valuable than a simple credit card. This is because a hospital generally requires a patient’s personal and financial credentials before a check-up or an admission.
“Based on the indications and patterns we have seen and are still seeing on the dark Web, the main purpose of the individuals behind these hacking groups is to sell the medical information to another crime group or to any individual who aims to access confidential medical data. It is quite alarming that we are increasingly coming across such active advertisements, which can either mean this illegal practice has turned into a normal type of business or the demand for such attacks are becoming increasingly high,” added Park.
The motives of the buyers, according to Park, can include calling scam, identity and monetary theft, as well as blackmailing and any derived crimes. Such malicious actions are possible with the amount of records and confidential data hacking for hire groups can harvest illegally from the affected health institutions.
When it comes to the possible customer profiles, the nature of the dark Web being anonymous opens the possibility that it could be anyone – from a new hacker, to an enterprise, or even a nation-backed cyberespionage group.