Three US healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients.
The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded.
Prices for the different databases range from $100,000 (£75,000) to $411,000.
Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard.
No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims".
The organisations that data was stolen from are known to be based in Missouri, Georgia and the midwest. The attacker told Motherboard that he would not name the organisations, to give them a chance to pay up.