Connect with us

Hi, what are you looking for?


Cyber Insurance

Cyber-criminals Selling Complete ID Theft ‘Kitz’ for Over $1,000 Per Dossier

Stolen healthcare data such as health insurance credentials, Social Security numbers, bank account information, and other personally identifiable information about patients are readily available in underground markets, researchers at Dell SecureWorks found.

Stolen healthcare data such as health insurance credentials, Social Security numbers, bank account information, and other personally identifiable information about patients are readily available in underground markets, researchers at Dell SecureWorks found.

Criminals can purchase “fullz,” an electronic dossier on a specific individual, for about $500 each, according to a Dell SecureWorks blog post. They can then use the fullz information counterfeit identities and documents for individuals, or just buy “kitz,” a complete identity theft kit containing ready-made counterfeit documents, for between $1,200 to $1,300 each.

Hackers Sell Health Insurance CredentialsKitz contain documents such as credit cards, Social Security cards, driver’s license, and insurance cards. These underground markets also sell health insurance credentials, which include the names of those covered by the plan, dates of birth, contract number, group number, type of plan (individual, group, HMO, PPO, etc), deductible, and co-pay, and insurer contact information, for $20 each. Additional services, such as dental, vision, and chiropractor plans, are available as add-ons for $20 each, the researchers found.

A number of these marketplaces are serving as a one-stop shop for identity theft and fraud, found Don Jackson, senior security researcher with the SecureWorks’ Counter Threat Unit research team.

Fullz usually contain personal identifiable information for the victim, including full names, addresses, phone numbers, email addresses with corresponding passwords, dates of birth, Social Security numbers, Employer ID Numbers, and financial data such as bank account information, such as routing numbers, account numbers, online banking credentials (which may be incomplete), and credit card information such as magnetic stripe data and PINs.

Jackson did not specify who was behind the sales, but said he believed at least one major operation was based in the United States. He based his suspicions on computer network information and specific clues in how criminals communicated.

While the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals, clinics, and other healthcare organizations to implement security measures to protect personally identifiable information and patient records, data breaches still happen. Rogue employees and careless mistakes are frequently the cause of data leakage within the industry. Healthcare-focused malware can steal the information necessary to conduct fraud.

Earlier this year, Dell SecureWorks’ Incident Response Team investigated a possible cyber-intrusion at a large healthcare company and discovered more than 25 unique versions of the Gatak Trojan across the network. Gatak is a credential- stealing Trojan that harvests names, addresses, credit card numbers, and bank account numbers. While this organization luckily hadn’t lost any data to the attackers, other organizations may not be so lucky.

Advertisement. Scroll to continue reading.

Dell SecureWorks recommends companies take a layered approach to security. On the network level, administrators should install network and Web application firewalls and intrusion prevention and detection systems (IPS/IDS) that inspect outbound and inbound traffic. All endpoints should run advanced malware protection and vulnerability scanners. Employees should be trained to detect and avoid primary infection vectors when using email and encrypting their email communications.

CTU “frequently” discovers caches of stolen data, Jackson said. With the cost of medical care and insurance policies going up, stolen health insurance credentials will likely rise in value on these underground markets, he said.

“It is not surprising that we are seeing health insurance credentials being sold in the underground hacker markets, along with other financial and PPI data,” said Jackson.

Unlike credit cards and other financial data, stolen health care information can last a long time. If the scammer is careful, much of the activity can flies under the radar so that the victim doesn’t realize what is going on.

Jackson and other CTU researchers found other credentials for sale, such as US-based credit cards (with the three-digit CVV code) for $1 to $2 apiece, PayPal accounts with a verified balance for $20 to $200, and even premium Skype accounts, between $1 and $10. Online bank account credentials with accounts less than $10,000 in balance veer wildly in pricing, from $250 to $1,000.

Features such as the ability to wire transfer or ACH bill-pay make the accounts more valuable, while two-factor authentication hurts the value of a stolen account, Jackson said. Credentials for bank accounts with password information for the associated email address were more valuable to criminals than just regular bank account information.

This way, the scammer can stop the victim from receiving email alerts sent by the bank, or to change account information and confirm to the bank the changes are correct, Jackson said.

Game accounts, such as those for Steam, Minecraft, World of Warcraft, PlayStation Network, and Xbox Live, ranged from $5 to $1,000, CTU found. Steam, PSN, and Xbox Live accounts linked to other accounts, or containing multiple game titles and characters, or having payment information saved, were valuable on the market. “There is more realized value in virtual items and currency,” the researchers wrote in the post.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...