Skip to main content

Cybercriminals leak medical data of Humana customers online

medical health
(Image credit: Pixabay)
Audio player loading…

Cybercriminals have leaked an SQL database filled with the highly sensitive health insurance data of over 6,000 patients on a popular hacker forum according to a new report (opens in new tab) from CyberNews (opens in new tab).

The post's author claims that the data was acquired from the insurance company Humana which is the third-largest insurance provider in the US. The leaked database is filled with a wealth of information dating back to 2019 including patients' names, Ids, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data and more.

What makes this leak even more concerning is the fact that just four months ago, Humana notified 65,000 of its customers of a security breach (opens in new tab) in which an employee of a subcontractor disclosed medical records to unauthorized individuals between October and December of last year.

One of the members of the hacking forum that downloaded the database claims that the archive is filled with information from 2020 as opposed to 2019. If this is the case, the leaked data could potentially have been acquired during last year's security breach. However, it's worth noting that a majority of the data contained in the samples posted by the leaker come from 2019 and not from last year.

Leaked medical data

Based on CyberNews' analysis, the leaked SQL database contains over 823k rows of data divided into 97 tables and appears to store highly sensitive patient information on 6,487 US patients.

Additionally, the database may also contain API calls to various functions that include private API keys (opens in new tab) that cybercriminals could utilize to access other online services used by Humana or even its partners.

With this data in hand, a cybercriminal could target patients with spear-phishing or spam campaigns, file fraudulent insurance claims, use the patients' health insurance, extort patients using their health information or even attempt to commit identity theft (opens in new tab).

Humana customers can use CyberNews' personal data leak checker (opens in new tab) to see if their data has been leaked but the news outlet also recommends that they set up identity theft monitoring as well as review recent activities on their online accounts while remaining on the lookout for suspicious emails, messages and other requests.

Via CyberNews (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.