Cybercriminals have leaked an SQL database filled with the highly sensitive health insurance data of over 6,000 patients on a popular hacker forum according to a new report (opens in new tab) from CyberNews (opens in new tab).
The post's author claims that the data was acquired from the insurance company Humana which is the third-largest insurance provider in the US. The leaked database is filled with a wealth of information dating back to 2019 including patients' names, Ids, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data and more.
What makes this leak even more concerning is the fact that just four months ago, Humana notified 65,000 of its customers of a security breach (opens in new tab) in which an employee of a subcontractor disclosed medical records to unauthorized individuals between October and December of last year.
- We've compiled a list of the best endpoint protection software (opens in new tab)
- These are the best VPN (opens in new tab) services on the market
- Also check out our roundup of the best password manager (opens in new tab)
One of the members of the hacking forum that downloaded the database claims that the archive is filled with information from 2020 as opposed to 2019. If this is the case, the leaked data could potentially have been acquired during last year's security breach. However, it's worth noting that a majority of the data contained in the samples posted by the leaker come from 2019 and not from last year.
Leaked medical data
Based on CyberNews' analysis, the leaked SQL database contains over 823k rows of data divided into 97 tables and appears to store highly sensitive patient information on 6,487 US patients.
Additionally, the database may also contain API calls to various functions that include private API keys (opens in new tab) that cybercriminals could utilize to access other online services used by Humana or even its partners.
With this data in hand, a cybercriminal could target patients with spear-phishing or spam campaigns, file fraudulent insurance claims, use the patients' health insurance, extort patients using their health information or even attempt to commit identity theft (opens in new tab).
Humana customers can use CyberNews' personal data leak checker (opens in new tab) to see if their data has been leaked but the news outlet also recommends that they set up identity theft monitoring as well as review recent activities on their online accounts while remaining on the lookout for suspicious emails, messages and other requests.
- We've also highlighted the best antivirus (opens in new tab)
Via CyberNews (opens in new tab)