Inside the dark web: What hackers are selling network access to hospitals for

Some ransomware hackers sell unauthorized access to compromised hospital networks through the dark web, according to an Aug. 10 Intsights report.

Through online forums hosted on the dark web, hackers buy and sell hospital administrator credentials and access to hospital networks. This data is used to launch ransomware attacks and steal medical records.

Seven things to know:

1. A Russian-speaking hacker by the name "hardknocklife" was auctioning off access to a U.S. hospital's network. He said the access yielded patient records which were valuable because they contained birthdates, Social Security numbers and other details that can be used to create fraudulent credit applications. The auction started at $500, but the "buy now" price was $5,000.
   
   
2. Posts usually disclose the hospital's location, annual revenue and market valuation. Hackers usually refrain from sharing the name of the hospital on the posts. They are aware that law enforcement reads their posts and don't want to risk losing access. On some occasions, hackers have disclosed the hospital's identity through private messages.
   
   
3. Hackers usually sell the access points at a set price, instead of running an auction. Typical pricing for the access ranges are from three to five figures. Most prices are in the four-figure range.
   
   
4. Prices for healthcare organizations tend to be lower because of the perception they are easier to compromise, the report said. The average price was $4,860 for an unauthorized access point, while the median price was $700.
   
   
5. The lower costs of buying these organizations may have made them more desirable for ransomware operators, the report said.
   
   
6. In another example, Russian-speaking "TrueFighter" said in a July 2020 post that it was selling the information of an American hospital with $60 million in revenue.
   
   
7. The seller offered RDP points and domain administrator credentials for $3,000. The RDP would have given the buyer remote access to its systems. An efficient ransomware operator would have stolen patient records before deploying ransomware, since patient data is valuable, according to the report.