An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.
The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.
The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. In May, one of the patients affected by the breach filed a lawsuit against the company.
On July 18, we reached out to Humana to verify that the data belonged to them.
Update 23/07: According to a Humana spokesperson, no data was removed from the company's systems. Instead, the company claims that it has been acquired via a data breach at "an unaffiliated third-party application targeted at Medicare Advantage members and agents."
"Humana on July 16 became aware of a possible data breach of an unaffiliated third-party application targeted at Medicare Advantage members and agents. The application is not owned or operated by Humana. Our Cyber Security Operations continues to monitor the situation. Humana has policies and procedures in place to maintain the security of its members’ information, and we take this responsibility very seriously."Humana
One of the forum members who downloaded the database claims that the archive contains information from 2020, and not 2019, as suggested by the leaker. If the forum member’s claims are true, the leaked database might potentially be part of the 2020 breach.
With that said, the data found in the samples posted by the leaker mostly comes from 2019, which may indicate that it has no connection to Humana and might have been acquired separately, as suggested by the Humana spokesperson.
To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.
- Secure your online presence with the best VPNs in 2021
- Choose one of the best website builders to build your business site in no time
- Host your website with one of the top web hosting providers hand-picked by our team
What was leaked?
The leaked SQL database contains more than 823,000 rows of data divided into 97 tables. Some of the tables appear to store highly sensitive patient information of US-based 6,487 individuals, including:
- Full names
- Patient IDs
- Email addresses
- Street addresses with ZIP codes
- Password hashes
- Medicare Advantage plan data
- Medical treatment data
- Links to photos and videos, some of which may include patient X-rays, CT scans, insurance document scans
Examples of leaked data included in the samples:
(Medicare Advantage plan listings)
(Drug prescription listings)
In addition, the database appears to contain API calls to various functions, all of which include private API keys that could be used by threat actors to access other online services.
Who had access to the data?
Since the SQL database was made freely available via a WeTransfer link on July 16, it’s safe to assume that multiple users of the hacker forum where it was posted had access to the data.
The question of how many malicious actors actually accessed it remains, and of that, how many are using that data for their cybercriminal activities. It’s also unclear for how long the database has been in the leaker’s possession before it was posted on the hacker forum.
We notified WeTransfer about the incident and will update the article as soon as the link to the leaked database is removed.
What’s the impact?
With the wealth of highly sensitive personal information contained within this database, a bad actor may be able to:
- Target patients with spear-phishing and/or spam campaigns
- File fraudulent insurance claims
- Use the victims’ health insurance
- Exploit or extort patients based on their health information
- Collect, collate, and share this medical data with other malicious actors
- Commit identity theft
If you’re a Medicare Advantage plan member, there’s a chance your medical data has been leaked. For that reason, we recommend you:
- Check if your data has been leaked in other breaches by using a service like CyberNews’ personal data leak checker, which currently has more than 15 billion records
- Set up identity theft monitoring with your financial institution of choice
- Review recent activities on your online accounts and watch out for suspicious emails, messages, and requests
More from CyberNews:
Subscribe to our newsletter