[BreachExchange] Exclusive: Personal data of 1.41m US doctors sold on hacker forum

Destry Winant destry at riskbasedsecurity.com
Tue Apr 14 10:10:57 EDT 2020


Cybercriminals are taking advantage of the Covid19 pandemic. From
selling fake Coronvirus vaccines and testing kits to setting up
malware-infected fake live maps of the infection, crooks can go to any
level to make cheap and quick bucks on hacker forums.

In the latest, a cybercriminal is selling personal and contact details
of 1.41 million doctors based in the United States. This can turn into
a disaster for doctors and healthcare staff busy saving lives amid the

Hacker forum where Find A Doctor’s database is being sold.

Hackread.com has learned that the database in the discussion was
stolen on April 11th, 2020, from qa.findadoctor.com, an online service
that lets people search for the healthcare professional, book instant
appointments and consult with doctors online.

The targeted website is based in Edison, NJ New Jersey and owned by
Millennium Technology Solutions. A look at it shows it claims to have
registered 100000+ doctors and 5000+ members. The website allows both
doctors and patients to register themselves with their email
addresses. Though, patients are required to snap a photo of themselves
or upload one from their PC to register their membership.

We can confirm that patients’ photos or medical records are not among
the stolen data. However, what includes in the data is enough to
target doctors. For instance, the sold records include details like
full names, genders, name of the hospital – organization where they
work, their location, mailing address, practice address, country,
phone numbers, license number, and much more.

The good news is that this trove of data does not contain email
addresses which means doctors are safe from phishing and malware scams
but based on the leaked records finding their email addresses will be
a piece of cake. Hackread.com was able to find dozens of doctors in
New York-based on the sample data we have seen.

Sample data on the hacker forum

Furthermore, cybercriminals can use available phone numbers to carry
out a smishing attack, a malicious technique involving sending of text
messages with phishing links to steal financial data or redirect the
victim to website dropping malware – Simply put: Attacking options for
cybercriminals with this data are infinite.

In a comment to Hackread.com, Under the Breach, a service that
exclusively monitors data breaches and works for its prevention said

Despite the lack of e-mails in the database which are indeed a common
way for cybercriminals to carry operations, the fact that the list
contains a very specific type of individuals, all of whom are in the
healthcare industry, could pose a risk of governments or bad actors
carrying out disinformation campaigns via SMSes. Especially during
this hard period, having the wrong medical information could pose a
huge risk.

On the other hand, several Twitter users connected with the cyber
security industry shared their views on the incident. One user going
by the online handle of @Ug_0Security tweeted: “Lol why would you sell
or buy that? It’s public stuff just scrap it yourself.. or buy a

In response, another Twitter user @cloakXkeyboard explained that:
“Because then they can take that big list of emails and carry out a
phishing campaign or malware campaign against those individuals -this
is common for ransomware like Ryuk.”

Ryuk is a nasty piece of malware used by cybercriminals in ransomware
attacks. In February this year, Ryuk was used against Florida’s Stuart
Police Department and successfully took over computers digital
evidence on six suspected drug dealers and ended up destroying it
resulting in freeing all three individuals.

Nevertheless, at the time of publishing this article, the database was
still up for sale on the same hacker forum where names and phone
numbers of 42 million Iranians and terabytes of OnlyFans data on
demand is being currently sold.

More information about the BreachExchange mailing list