Over 400,000 sensitive healthcare records leaked on the Dark Web

Ransomware is a fast-growing digital threat. Cybersecurity expert Mark Turnage explains how companies large and small can find data on the Dark Web and protect themselves from an attack.

Cybersecurity firm OWL Cybersecurity recently discovered 9 million healthcare records on the Dark Web. Though the number of personal records found by the company is staggering, it's a small fraction of the information bought and sold regularly on the encrypted internet, a company spokesperson said. In fact, according to the United States Department of Health and Human Services (HHS), in 2015 over 100 million healthcare documents were leaked on the encrypted internet.

Some of these files were swiped during traditional system hacks. But, said OWL Cybersecurity's president and CEO Mark Turnage, ransomware was responsible for the majority of the leaks. Ransomware is malware that locks a PC and encrypts all local files. In a typical attack, a message demanding payment is displayed on the user's screen. If the ransom is not paid, typically in Bitcoin, within a certain period of time, local files are stolen and either erased or rendered inaccessible.

"When sellers list data on [Dark Web] markets they often release samples to show that the data they are selling is real and this listing was no exception," Turnage said. "When 9.3 million records went up for sale on June 28, 2016, the listing included 100 sample records containing patient information."

"Ransomware is successful because victims may see a ransom of a couple of hundred dollars as a price worth paying in order to regain access to files," said ZDNet's cybersecurity expert Danny Palmer in a recent report. "While a $200 ransom might not seem like much in the big scheme of things, if thousands of people give in and pay ransoms to the perpetrators of ransomware, then the amount of money being illicitly made quickly adds up."

Because the ransom amount is typically low relative to the value of local data, enterprise companies, SMBs, government agencies, and hospitals are particularly vulnerable to ransomware attacks. OWL Cybersecurity's research partners Healthcare IT News and HIMSS Analytics estimated that nearly 75 percent of hospitals in the U.S. were hit with ransomware attacks in 2015.

In the near future, ransomware could be the single largest cybersecurity threat facing consumers, companies, and organizations. Palmer reported that in Q1 2016 attacks were up nearly 14 percent. The increase can be blamed on ransomware-as-a-service (RaaS)—code that can be purchased on the Dark Web, then customized by attackers.

Ransomware is frightening because the malicious software is so challenging to combat. "The [Dark Web], by its very nature, is designed for anonymity," Turnage said. "[Data] is intentionally hidden and inaccessible with standard web browsers making it very difficult, if not impossible, to determine the identity of any given user, including those that run the various ... markets that list items for sale."

Enterprise companies and SMBs are not without recourse, however. Turnage shared several best practices:

  • Prior to attacks, define, establish, and enforce clear policies, procedures, and controls around organizational operational security.
  • Identify internal and external networks and applications.
    • Lock down wireless networks.
    • Restrict physical access to hardware like company computers and servers.
    • Train employees on safety and security.
  • Partner with reputable organizations to monitor the Dark Web for leaked or otherwise compromised sensitive data.
  • After a leak happens and data has been stolen or compromised:
    • Identify where and how the data leak occurred.
    • Notify those affected and provide mitigation support.
    • Provide ongoing monitoring of leaked data for identity theft and other possible misuses.

Response speed can significantly mitigate the damage caused by a data leak. OWL Cybersecurity has aggregated a massive database of Dark Web content scraped from Tor, IRC, anonymous clearnet text sites like Pastebin.com, hacker forums, FTP servers, and other outlets. Its database is around 400 million pages, and the company is adding nearly 11 million pages per day.

"[Our] engine scrapes more relevant darknet data in one hour than an intelligence analyst can discover in one month," Turnage said. "By shortening the timeframe to detection of compromised data on the darknet, organizations can swiftly detect security gaps and mitigate damage prior to misuse of their data."

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.
