• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Cybercriminals Use Bots to Steal Active Pharmacy Accounts and Resell Prescriptions

by Syed Hamza Sohail 08/10/2022 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Cybercriminals Use Bots to Steal Active Pharmacy Accounts and Resell Prescriptions

What You Should Know:

– Cybercriminals are leveraging illegal bots to steal pharmacy accounts and resell prescriptions on a secondary market for in-demand substances, like Oxycodone, according to recent research from Kasada’s threat intelligence team.

has recently shared research by its threat intelligence team about a new, illegal use of bots -.

– Researchers have also identified an acceleration in this activity: over the past 60 days, the number of stolen pharmacy accounts available for sale has increased by 5x.

Using Bots to Steal Pharmacy Accounts and Resell Prescriptions

In April 2022, Kasada threat intelligence first observed the use of credential stuffing to attack pharmacies, steal active customer accounts, and exploit the distribution of prescribed medications. Credential stuffing is an automated attack where cybercriminals use lists of stolen or leaked usernames and passwords to try and log in to various accounts. Once they are successful, they take over accounts (ATO) and either sell them or exploit them by making fraudulent transactions.

This illegal activity puts medications in the hands of people who don’t have a prescription from a doctor. As such, it enables substance abuse. It also takes prescribed medications away from the people who legitimately need them. Sellers offer access to legitimate prescriptions for controlled and highly addictive substances, such as Oxycodone. The price for a stolen account ranges from the cost of an insurance co-payment to several hundred dollars. Based on the volume of transactions over the past 30 days, it is estimated that a single operator can make over $25,000 per month selling stolen pharmacy accounts. Stolen accounts often come with a guarantee – if the login or card on file doesn’t work, the provider will replace it with a new account.

“This is one of the boldest, most egregious and dangerous uses of bots we’ve ever observed,” said Sam Crowther, founder and CEO of Kasada. “Because the automated tools used for these attacks are so readily available and affordable, and because the sale of stolen usernames and passwords has never been more lucrative, it is easy to see why this type of theft is growing in popularity.”

Kasada’s modern, proactive approach to stopping bots adapts as fast as the attackers working against it, in contrast to reactive bot management systems that rely on static and poorly obfuscated defenses. The company recently announced enhancements to its anti-bot platform, maintaining the company’s position at the forefront of defending against the latest and stealthiest automated threats. Its latest release also addresses the growing prevalence of Solver Services, which are API-as-a-service tools created to bypass the majority of bot management systems and conduct automated attacks such as credential stuffing.

4 Ways Hackers Use Bots to Commit Account Takeovers to Sell Stolen Prescriptions

Researchers also identified the following four key ways hackers are using bots to commit ATO to sell stolen prescriptions:

1. Credential Stuffing to Conduct ATO Attacks – Automated account cracking tools, including OpenBullet2, are loaded with bots and configurations similar to those used for scalping. These tools perform a credential stuffing attack on a pharmacy’s website or mobile app. By stuffing stolen usernames and passwords, the attacker can exploit the fact that consumers reuse the same credentials on different websites. A small percentage of the stolen credentials “work” and allow the attacker to successfully takeover accounts (performing ATO) with legitimate login credentials.

2. Data Extraction – Once an account is taken over, the attacker automates the process of extracting the prescriptions and other information associated with the account. Data linked to the account includes customer information, such as name, birth date, phone number, and the payment source on file.

3. Storefront Integration – The extracted information is integrated with eCommerce marketplaces that can be found across the corners of the Internet. It’s notable that these acts of online fraud aren’t restricted to the dark web, but are on the Internet for anyone to find. Stolen accounts are put up for sale using a non-identifiable seller profile. Shoppers can choose the pharmacy and medication of their choice, accepting a range of payment methods, including cash transfer and crypto. The sellers typically offer a guarantee such that if the account doesn’t work, they will provide a new account at the same pharmacy at no additional charge.

4. Using a Stolen Pharmacy Account – Once an account is purchased on the secondary market, the purchaser is free to use the account to obtain the medication at the specified pharmacy. This can be done using online ordering (use the credit card associated with the account and reroute the shipping address). Alternatively, the purchaser can visit a pharmacy to pick up the prescription using the information lifted from within the account to pass authorization checks, such as birthdate. What’s done with these pharmaceuticals after purchasing? Likely a combination of two activities that create a dangerous – and difficult to trace – impact on our society. The purchaser can consume them, or resell them for a premium, furthering the underground economy for stolen pharmaceuticals and widening the access of controlled substances to those who shouldn’t be taking them.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: API, Cybercriminals, medication, Notable, Pharmacy, Substance Abuse

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

5 Ways New Trump Administration Tariffs Are Impacting U.S. Healthcare Now

5 Ways Trump Administration Tariffs Are Impacting U.S. Healthcare Now

iCAD, GE HealthCare Integrate to Advance Breast Cancer Detection with AI

RadNet to Acquire iCAD for $103M in All-Stock Transaction

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |