Plaintext data compromises patient info

A database containing plaintext data (not encrypted) of 9.3 million individuals from a large, unidentified U.S. health insurer is just one entity a hacker, who calls himself “thedarkoverlord,” broke into recently. The hacker is reportedly selling on the dark web copies of databases stolen from the unnamed health insurer and three unidentified U.S. healthcare organizations containing data on nearly 10 million individuals for prices ranging from about $96,000 to $490,000 in bitcoin for each database. The story hit the news wire June 26 and continues to unfold.

The hacked data being sold, according to DeepDotWeb, and other media sites, includes the unnamed insurer and these unfortunate three:

·         A database containing plaintext data of 397,000 patients of a healthcare organization based in Georgia

·         A database containing plaintext data of 210,000 patients from a healthcare provider operating in the central and Midwestern region of the U.S.

·         A database containing data of 48,000 patients of a Farmington, Mo.-based healthcare organization, which, according to a report on, the hacker claims “was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”

Does anything stand out to you in all these breaches? (Hint: notice the words in bold.) So, what can you do to keep the protected health information (PHI) of your patients secure? Inarguably, encrypting your data and eliminating passwords as a single factor for authentication are critical steps.

But with hackers out there who don’t take time off from their attempts to leak patient information from the healthcare system, now may be the best time for you to get in touch with the HIPAA experts at PrivaPlan. We can help ensure that you’re doing everything necessary to protect your data, and therefore, your patients.

Contact us at or call 877-218-7707.

Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.