Defending Your Data From the Dark Overlord

Gautham Thomas
FEBRUARY 27, 2018

The first tweet that the Dark Overlord sent to a small chiropractor in Poughkeepsie, New York, read: “We’re watching you. Make the right choise [sic].”

By the next day, it was too late for choices. The hacker group had publicly named the practice and claimed to possess all its patient information. The chiropractor, the hackers said, had “rejected our most handsome proposition.”

The pattern is typical of the Dark Overlord: Choose a vulnerable target, steal its data, announce the theft, and demand payment via Bitcoin. If the victim does not pay, the group threatens to release the information or sell it on dark web exchanges, the anonymous underbelly of the internet.

A mythology has come to surround the group, which perpetuates the lore, sometimes by tweeting ominous religious passages. In one extortion letter, it claimed responsibility for “some of the most serious breaches and security violations in the last year.”

The Dark Overlord punches above its weight through strong branding, a focus on terrorizing its victims, and a deliberate press strategy. Although the group's impact is relatively small compared with the $4 billion in global damages wreaked by the WannaCry ransomware attack, its successes show why healthcare organizations of every size must ready their cyber defenses.

Why the Dark Overlord Wants Healthcare Data

The electronic theft of medical records, including health and financial data, appeals to hackers. Among all industries, healthcare suffered the second-largest number of data breaches in 2016, according to Symantec’s Internet Security Threat Report. (Strict reporting rules may have affected the ranking.) Last year, healthcare organizations reported roughly 130 breaches that burned as many as 3.3 million people.

The average cost of a data breach is $7.4 million, including customer loss and the costs of notification and remediation, according to an international study of 419 companies across all sectors. Medical information is especially attractive to thieves, experts said, because of its long shelf life and high value. “The chance of being able to run fraudulent activity around them is higher,” said Waylon Krush, CISSP, CISA, who is CEO of the security company Lunarline.

Patient records fetch better prices than other personal information does, experts noted. It is “high payoff,” Krush said. “[Hackers can] try to get to prescription drugs or trick the government into paying for different healthcare activity [that] may not have happened.” He mentioned a long-running, lucrative Medicare scam in which fraudsters used member information to get the government to pay for unnecessary powered wheelchairs.

Money-making schemes go beyond fraudulent billing, said Stan Banash, MBA, chief information security officer at Children’s Hospital of Orange County in Orange, California. “If [a hacker] has medical records for famous people, you can sell those because there’s always someone willing to buy dirt—medical conditions people find embarrassing and don’t want public. There’s a possibility for extortion,” he said.

If a credit card number is stolen, Banash pointed out, credit card companies and banks can kill the card and issue a new one. “It’s not the same with a medical record. If you have a genetic condition, you can’t change that,” he said.
