You are currently viewing Data from 500,000 pediatric patients spotted for sale

Data from 500,000 pediatric patients spotted for sale

I am paranoid by trade. I have spent 25+ years thinking about the worst-case scenarios and what to do when they happen. Because everyone experiences an IT emergency at some point, the question is – what will you do when it happens? The most effective thing you can do is to follow the ol’ Boy Scout motto – Be Prepared.

Approximately 500,000 pediatric medical records – many from doctors’ offices that didn’t know they had been breached – were spotted for sale on the dark web. A malicious hacker by the alias Skyscraper was selling children’s information including records containing both child and parent names, Social Security numbers, phone numbers and addresses for as little as $3 each, according to


The hacker told the publication the data came from many sources and were all acquired within recent months, including 200,000 records which were taken from K-12 schools. A sample of the information reportedly was verified by calling the parents of those involved as well as through voter registration rolls and public sources. However, it is unclear which pediatrician’s offices were the source of the information.

Even more disturbing is that there have not been any reported pediatricians’ breaches that would add up to 500,000 over recent months. Nor enough k-12 breaches to add up to 200,000. So how many pediatrician offices and schools do not know they’ve been hacked – or do they know and just haven’t disclosed publicly? Talk about a lack of compliance!

Because the medical records of these young patients provide criminals a blank slate upon which they can build a false identity. This, combined with the fact that medical identity theft of pediatric patients is incredibly hard to detect, means that criminals have a much longer time period with which to profit from the stolen information, costing the victim hundreds of hours and thousands of dollars.

Hackers just ‘search’ for anything called Patients and entire databases show up. The hacker was asked what ONE thing pediatricians’ offices might do or should do to prevent him from successfully attacking them, and their advice was that one of FIRST things they need to do is pay for their software. “You wouldn’t believe how many of those offices run on cracked / downloaded software and outdated 2015 versions.”

Even small practices tend to amass thousands and thousands of patients’ records over many years, putting even former patients at risk of becoming victims of a hack.

If you are a parent of an under-18, do check with a major credit bureau to see if there’s already a credit report on your minor child (there shouldn’t be). You can also find helpful information on the Federal Trade Commission’s site as to how to repair problems if they have already occurred.

We at Advanced Systems Solutions know the power of a good plan, so contact us to make sure your business is ready to go when the new desks and chairs arrive!

Like our Facebook page in the section on the right to stay up to date with date with current alerts and information!

Still have questions, or looking for the best IT security solution consultants available? Let us know and our Orlando based IT experts will help to ensure that your data is safe, secure, and that you are ready to respond to any situation that may arise.


Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT Professional before acting or relying upon any information in this communiqué.