Thousands of user accounts of hospital workers for sale on the internet

Timone Hospital, Marseille, November 12, 2020. AP - Daniel Cole

Text by: Dominique Desaunay Follow

3 min

While hundreds of thousands of patient data stolen from doctors and analysis laboratories circulate in open access on the online forums of cybercriminals, an Internet user offers, this time, for sale a database containing 50,000 identifiers and personal data belonging to employees of French healthcare establishments.

Publicity

Read more

In the midst of a pandemic, the sale of medical data has become a flourishing business.

And this is not about to stop, as demonstrated by this new case which worries the entire medical sector in France today.

The alert was given by

Cert, the government center for monitoring and responding to computer attacks

, via the Ministry of Health.

An Internet user offers for sale

a database

grouping together the identifiers, confidential information and professional access codes belonging to the staff of health and hospital establishments.

Profession: carpet merchant on the dark web

The journalist expert in cyber crime

Damien Bancal

, who publishes the results of his investigations in the world of the computer underworld on

his Zataz site

, contacted the pirate reseller directly, posing as a possible buyer.

The cybercriminal gifted with the talent of a barker then writes him the article, praising the quality of his information.

" 

You will find here all the emails of the staff of all the French hospitals

 ", argues the trafficker.

“ 

For them, you are just products.

And so they advertise.

There are hackers who sell off what they sell in the database.

Then you just have to write to them.

Passing off as a buyer, that's what I did,

 ”says Damien Bancal.

" 

I told him: '

How much is your database? 1000 dollars. But it is way too much, 1000 dollars because a database, that sells for 10.20.30 euros at all broken usually."

And there, he replied

"1000 dollars is not a lot and a lot at the same time because you are going to be able to make yourself millions of euros by attacking hospitals". 

So these people have no idea who they are dealing with at all.

For them, it is finding a way to make money.

And whatever!

He may have sold that database 100 times already.

But 100 x 1000 is already a lot!

 ". 

A difficult business to dismantle

The easy-to-contact online hacker, however, is extremely difficult to identify and even harder to locate.

And this is the problem for investigators tasked with dismantling cybercriminal networks.

The pirated data sales forums that abound in the world are in fact mere ephemeral web storefronts.

And for one closed, 10 others immediately take over.

Newsletter

Receive all the international news directly in your mailbox

I subscribe

Follow all the international news by downloading the RFI application

google-play-badge_FR

• Internet

• Cybercriminality

• Health and medicine

• Coronavirus