A former employee of healthcare giant Bupa was selling between 500,000 and 1 million records on the healthcare giant Bupa was selling between 500,000 and 1 million records on the dark web. The former employee whose identity remains undisclosed had sold several batches of hundreds of thousands of records managed by Bupa.
Analysts at DataBreaches found a first batch of records stolen by the former employee on June 23, the man was offering them on a dark web marketplace. DataBreaches revealed the vendor MoZeal was offering for sale at least 500,000 records, the man listed between 500,000 to 1 million insurance records.DataBreaches found a first batch of records stolen by the former employee on June 23, the man was offering them on a dark web marketplace.
Below the official statement issued by the company.
“All of the information and statements we have made public this week, remain valid,” read the statement. “We are aware of a report by Databreaches.net that suggest ‘a former employee claimed to have 1m records for sale’. Our thorough investigation established that 108,000 policies, covering 547,000 customers, had been copied and removed. The disparity in numbers claimed and those taken, relates to duplicate copies of some records.”
Sheldon Kenton, Managing Director of Bupa Global said that globally data from around 108,000 insurance policy holders covering 547,000 people, had been copied and removed. The information does not include financial data.
“I wanted to let you know that we recently discovered that an employee had taken some customer information from one of our systems. I know that this will be concening, so wanted to explain the situation,” Kenton said.
“The information that was taken does not include any financial or medical information. This data comes from one particular part of Bupa – Bupa Global – which handles international health insurance, mainly for people who work overseas or travel on a regular basis. To be fair, this does not affect Bupa’s other local businesses.”
The listing contained insurance data from 122 countries and customers’ personal information including member and registration IDs, names, birthdates, contact information and information about intermediaries.information including member and registration IDs, names, birthdates, contact information and information about intermediaries.
Bupa, of course, fired the employee and is currently pursuing legal actions against him and is trying to discover the real identity of the vendor MoZeal.
Medical records are a hot commodity on dark web marketplaces, the healthcare industry was the number one target for cybercriminals. Previously, the banking industry held the top position.
In 2015, more than 100 million healthcare records were compromised, according to IBM’s “2016 Cyber Security Intelligence Index.”
The non-profit organization Institute for Critical Infrastructure Technology revealed that 47 percent of US-based residents have had their medical records stolen, their data were offered for sale on the dark web in 2015.
(Security Affairs – BUPA, Dark Web)