Hacker’s Selling MD Info on the Dark Web

Hacker’s Selling MD Info on the Dark Web


Doctor’s Fall Prey to Hackers

Cristal M Clark

Everything seems to be for sale these days in terms of one’s identity and worldwide, governments are unable to both prevent it, let alone stop it once the proverbial ball starts rolling.


In what some are calling a deeply disturbing new trend, hackers are selling the identities of doctors for $500 on the dark web. The hackers are obtaining all the details needed to pose as a medical professional by targeting, employees, hospitals and other healthcare organizations, which possess all of the highly valuable data. In case you are wondering about the employee bit; employees are every organizations biggest liability and some cases employees are sending information through non secured email channels, texts, WhatsApp, in public and the like. Case in point, Clinica here in Colorado has a rather rampant issue with its medical staff sharing patient records, which include doctor information, utilizing the likes of Gmail rather than its internal email system as reported by employee BB, who is stationed in Lafayette, CO. Then we have as we all should be very well aware of, the hacking into and holding hostage of networks, which of course contain virtually all the needed information. Hackers compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity and patient information. A process that becomes even easier once hackers see staff sharing information through non-secured email like in the case of Clinica.

The cyber criminals are then able to use the stolen information to forge the identities of doctors in order to submit fraudulent insurance claims or obtain prescriptions for controlled drugs like opioids that will in turn be sold on the black market or on the streets.


Documents on sale include malpractice insurance documents, medical diplomas, board recommendations, medical doctor licenses, and DEA licenses. This was uncovered by researchers at cyber security firm Carbon Black, who tracked the shifting patterns of cyberattacks towards medical organizations as well as personal medical records and hacked health insurance company login information.

Tom Kellermann, chief cyber security officer at Carbon Black: “This is a relatively new trend, the price is warranted when you consider what can be done with the data. Cyber criminals can use this information to facilitate insurance fraud, as well as submit prescriptions for controlled substances like opioids. These can then be sold on the black market at a steep profit.”

This information is generally cheaper to obtain, with forged prescriptions costing between $10 and $120 on the dark web and insurance login information costing as little as $3.25 per record.


The researchers called for “extreme vigilance” on the part of security teams working to protect healthcare institutions. Which is desperately needed, honestly. The employee who informed me about medical staff sending patient records through Gmail also took it upon himself to share sensitive patient information with me on multiple occasions, the fact that the CFO of the organization fell for an email scam costing the organization thousands, and the inner workings of the software that they utilize. This type of information sharing with anyone is a cybercriminals wet dream if you will.

The world however, as in our worlds governments need to make it easier for all individuals to change ones credentialing if you will once someone’s identity has been compromised, new identification numbers, new licenses, etc. because by default, by keeping all of that information the same and simply flagging it, you still allow for the crimes under which the original licenses, identification numbers were committed, to continue on.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter


And https://gab.ai/thecrimeshop


    • I agree thank you for responding to my message to you and for answering my questions about the clinic I reached out to medicare/medicaid. I have issues with clinics sharing information using private email accounts they need to be held to higher standards and doctors already act like they are smarter than the rest of us so as far as I am concerned they dont have an excuse to act stupid when sending medical records.


  1. I am a patient at the clinic you talked about here I hate it I heard one of the girls up front making fun of me to another employee then another employee joined in. if I had money and did not need public assistance I wouldn’t be seen here anymore it makes me feel worse about myself than i already do. the place claims it serves the community but its not like that at all its a terrible degrading place to go and the women dress like tramps going out for the night. i feel ashamed of myself everytime i go in.


    • Please, get off of assistance then by all means I am sick of paying for all of your sorry asses who are on public assistance try keeping your legs closed or staying healthy stop asking for hand outs that you are not entitled to have. What you are born so you feel like everyone else should be responsible for your asses? For those that have never been into a Clinica Family Health Facility here in COLO it’s like going to one of them roach infested strip clubs down on Federal Blvd here in COLO. They hire predominately hispanic or latino women because that is the public they usually serve for both the clinics and the strip clubs in that part of town. These women show up to work like they are heading out to their night jobs as crack whores. My tax dollars should not be paying them a dime especially if they share the records of the patients through gmail emails or by employee word of mouth to anyone. As for the doctors whos shit may get stolen who cares protect your patients first jerks the your doctors make more than enough to recover from id theft your patients dont.


  2. Not a patient at this clinic but this happened to me a couple of years ago at a regular doctors office. One of the doctors were sending patient records through I think it was yahoo at the time, the only reason we found out was because we were out for dinner one night and overheard the tech guy at the doctors office telling someone about it. The guy thought it was funny and he talked my medical records he saw. Never went back. I think the mainstream has the idea down well enough but they are not covering all the ways our information is getting out. The staff are the ones causing the issues and I agree who cares about the doctors identities being stolen, they aren’t the ones damaged when their own staff loses shit, we patients get hit twice by it.


  3. I get to the boulder office, the people at it looks at me and treat me like I’m white trash. It’s not easy to get into the offices no one wants to go in and see women putting themselves on display wearing inappropriate clothing that isn’t office appropriate it makes those of us who come in feeling uncomfortable. I’ve seen men employees of the place almost drool when working with some of the girls at the place it’s even more uncomfortable. What others are saying is true though they talk about us in front of regular people coming in and I saw a girl taking a picture of someone’s files on her phone then text them.


    • I do agree it is funny how the story is about one thing but the readers are not having it. I think people see stories like this and we know in the real world its not just hackers hacking its people like the medical staff giving out our information because they are so about themselves that they don’t stop to care about us little pinons. Hopefully the medical community see some of these comments and take a good look at themselves first. First of all no one wants to see anyone working in a medical office especially an office that caters to the less fortunate dressing like they are going to a party, fake nails, tons of makeup and perfume that makes the poor feel even worse second they also don’t want to see anyone dressing like all business that is so out of line in today’s world, business casual is jeans and nice shirt nothing too revealing or threatening or sexual.


  4. Privacy is a thing of the past. The author is right its up to our governments to come up with some type of fix and until they do that we will still see this happen in every industry. Sorry to throw shade but are’t doctors and pharma responsible for the opiod crisis anyway? So yeah who cares about a doctors identity being stolen.


  5. First thing first get rid of the spanish speaking illegals and anyone else who can’t speak English that will solve two problems, you get rid of anyone needing public assitance then you can fire the spanish speaking skanks that work in these offices.


  6. We should all be working on climate change issues not worrying about doctors who hire staff that is too stupid not to lose any credentialing and who share patient medical records and history when, where and how they shouldn’t


      • Your the idiot HZ, the story also wasn’t about illegals someone figured out the social class the clinic that was written about in the article takes care of and news flash they are not all Hispanic! It’s an entire social class, called the underprivileged or poor. The whole point of the story if you actually read it rather than the just the comment section, was that the problem is not always just hackers compromising networks and stealing information, employees play a larger role than most are willing to discuss when it comes to anyone’s information becoming compromised.


  7. It was so cool to meet you last night! Thank you for making us all laugh our asses off. Why do they call you the ghost killer? That cop dude last night called you by that and my girlfriend says she’s read rumors on Reddit that they call you the ghost killer and you are a former spy? Do tell!


  8. I would like to know who to file a complaint with over Clinica Family Health sharing patient medical records throughout not secured emails like gmail because a lot of my medical records information has gotten into the hands of scammers who stole my identity and got prescriptions and clinics is my medical services provider.


What are your thoughts

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.