The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on Wednesday.

These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools.

[See them all: 10 stubborn cybersecurity myths, busted]

To make matters worse, the amount of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.

The hacker finds the records by simply searching for “patients,” and the search returns entire databases left exposed. DataBreaches said the hacker pointed to these organizations using outdated or free software. Further, many of the records were of former patients and therefore didn’t need to be online.

[Also: Hackers will target hospitals like never before in 2017]

Patient records of children are in high-demand on the dark web, according to ICIT Senior Fellow James Scott.

These complete medical records can be sold on the Dark Web for about $500 to $1,200, which depends on how much information is included and the market type, a September ICIT report found. The criminal can build a fake identity from the child’s information, as many breach records take a long time to be discovered.

[Also: The biggest healthcare breaches of 2017 (so far)]

Twitter: @JessieFDavis

Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn