Thousands of Humana customers have their medical data leaked online by threat actors

An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.

Humana data base leak

The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. In May, one of the patients affected by the breach filed a lawsuit against the company.

On July 18, we reached out to Humana to verify that the data belonged to them.

Update 23/07: According to a Humana spokesperson, no data was removed from the company's systems. Instead, the company claims that it has been acquired via a data breach at "an unaffiliated third-party application targeted at Medicare Advantage members and agents."

"Humana on July 16 became aware of a possible data breach of an unaffiliated third-party application targeted at Medicare Advantage members and agents. The application is not owned or operated by Humana. Our Cyber Security Operations continues to monitor the situation. Humana has policies and procedures in place to maintain the security of its members’ information, and we take this responsibility very seriously."


One of the forum members who downloaded the database claims that the archive contains information from 2020, and not 2019, as suggested by the leaker. If the forum member’s claims are true, the leaked database might potentially be part of the 2020 breach.

With that said, the data found in the samples posted by the leaker mostly comes from 2019, which may indicate that it has no connection to Humana and might have been acquired separately, as suggested by the Humana spokesperson.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What was leaked?

The leaked SQL database contains more than 823,000 rows of data divided into 97 tables. Some of the tables appear to store highly sensitive patient information of US-based 6,487 individuals, including:

  • Full names
  • Patient IDs
  • Email addresses
  • Street addresses with ZIP codes
  • Password hashes
  • Privacy policy confirmation statuses
  • Medicare Advantage plan data
  • Medical treatment data
  • Links to photos and videos, some of which may include patient X-rays, CT scans, insurance document scans

Examples of leaked data included in the samples:

Humana data leak 1

(Medicare Advantage plan listings)

Humana data leak 2

(Drug prescription listings)

In addition, the database appears to contain API calls to various functions, all of which include private API keys that could be used by threat actors to access other online services.

Who had access to the data?

Since the SQL database was made freely available via a WeTransfer link on July 16, it’s safe to assume that multiple users of the hacker forum where it was posted had access to the data.

The question of how many malicious actors actually accessed it remains, and of that, how many are using that data for their cybercriminal activities. It’s also unclear for how long the database has been in the leaker’s possession before it was posted on the hacker forum.

We notified WeTransfer about the incident and will update the article as soon as the link to the leaked database is removed.

What’s the impact?

With the wealth of highly sensitive personal information contained within this database, a bad actor may be able to:

  • Target patients with spear-phishing and/or spam campaigns
  • File fraudulent insurance claims
  • Use the victims’ health insurance
  • Exploit or extort patients based on their health information
  • Collect, collate, and share this medical data with other malicious actors
  • Commit identity theft

Next steps

If you’re a Medicare Advantage plan member, there’s a chance your medical data has been leaked. For that reason, we recommend you:

  • Check if your data has been leaked in other breaches by using a service like CyberNews’ personal data leak checker, which currently has more than 15 billion records
  • Set up identity theft monitoring with your financial institution of choice
  • Review recent activities on your online accounts and watch out for suspicious emails, messages, and requests

More from CyberNews:

New leak reveals: global governments exploit the Pegasus cyber-surveillance tool

Spreadshirt hack: attackers gained access to user data, including bank details and PayPal addresses

New ransomware group Hive leaks Altus group sample files

Threat actors scrape 600 million LinkedIn profiles – again

This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto

Subscribe to our newsletter


Elizabeth Eagle
prefix 1 year ago
How do I find out if my name was on the list of accounts that were breached? I tried to file a claim on the Humana "file a claim site" but they want you to log in as if you already registered in their portal. How do I sign in if I qualify as a victim? I've had Humana for several years & still do.
Carolyn Foster
prefix 3 years ago
Other than paying a company to manage my “leaked data” , what are my options vis Humana on?
Leave a Reply

Your email address will not be published. Required fields are markedmarked