The employee of international health insurer Bupa fired for inappropriately copying and stealing the data of 108,000 customers, may have up to 1 million medical records for sale on the dark web, according to DataBreaches.net.

DataBreaches found the breach on the dark web on June 23, posted by a vendor called MoZeal.

The listing contained insurance information from 122 countries and included information like member and registration IDs, names, birthdates, all contact information and information about intermediaries.

[Also: Insider breach on global health insurance giant Bupa exposes data of 108,000 customers]

While Bupa’s Managing Director Sheldon Kenton estimated the number of breached records as 108,000, the dark web listing has more than 130,000 insurance records posted from the U.K. alone. Further, MoZeal listed between 500,000 to 1 million insurance records.

Bupa announced the breach on Thursday, which affected international health insurance policyholders. These policies are for those who frequently travel or work overseas. The data included customer information, birth dates, nationalities and other administrative data.

[Also: The biggest healthcare breaches of 2017 (so far)]

The employee was fired immediately after the breach was discovered, and the health insurer is pursuing legal action.

The dark web posting of these medical records is part of an ongoing trend, and highlights the need for better security measures. Hackers are monitoring vulnerabilities online and leveraging insiders to gain access to personal data to sell online.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn