US hacker pleads guilty to selling healthcare employee data on dark web

A dark web hacker has pleaded guilty to stealing information from 65,000 employees of the University of Pittsburgh Medical Center (UPMC).

Justin Sean Johnson – known as ‘Dearthy Star’ on the dark web – was found to have stolen personal identifiable information (PII) of the over 65,000 employees from healthcare provider and insurer UPMC and selling it onto the dark web.

He was also found to have stolen and sold almost an additional non-UPMC sets of PII between 2014 and 2017.

UPMC is Pennsylvania’s largest healthcare provider and employs over 90,000 employees in 40 hospitals as well as 700 doctors’ offices and outpatient sites.

According to Bleeping Computer, Johnson was found to initially infiltrated UPMC’s HR database network in December 2013 after he hacked into its Oracle PeopleSoft human resource management system. On the same day, he was able to access the PII of around 23,500 employees after he ran a test query.

This was followed early in the following year by a move to remotely exfiltrate the PII of tens of thousands of employees, which he then sold on dark web marketplaces such as AlphaBay and Evolution. Those who bought the PII used it to fraudulently file income tax returns among other things.

The indictment found that the fraudulent tax refunds – which amounted to a total of $1.7m in unauthorized federal tax returns – were later converted into Amazon gift cards. Johnson then deposited the cryptocurrency that he bought using the fraudulent money into a Coinbase account.

Johnson is facing a maximum of five years in prison as well as a $250,000 fine for conspiracy to defraud the US and will face a mandatory two years in prison and a further $250,000 fine for each count of aggravated identity theft. He currently remains detained pending sentencing.

Earlier this month, Ireland’s healthcare service was temporarily forced to shut down its computer systems as a precaution following a significant ransomware attack.

Copyright © 2021 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.