Hackers claim to have stolen two terabytes of Brazilian Military Police medical records in a breach that could expose officers and their families.
The threat actors took to a well-known underground forum with a post claiming that they had breached the Brazilian health information company Maida.health.
According to the post, over two terabytes of Brazilian Military Police data were allegedly taken. Among the stolen data is extremely sensitive information, such as health records of the officers and their family members, as well as identification cards.
Health records cover the diagnostic and treatment services of cardiology, neurology, and gynecology specialists. The stolen data also includes invoices for medical services, administrative protocols, regulatory certificates, and clinical patient data.
Cybernews was not able to independently verify the claims, as data samples were not accessible. Cybernews has contacted the company, but a response has yet to be received.
If the data proves legitimate, it can have serious privacy implications. Medical invoices and checkup reports contain a lot of sensitive information, such as diagnosis and personally identifiable data.
“When this kind of data is leaked, it could often lead to identity theft or medical fraud. For example, criminals may try to impersonate the victim to receive medical care or try to get prescription drugs in the victim's name,” our researchers said.
Brazil’s Military Police are the uniformed state forces tasked with patrolling streets and maintaining public order. Operating across the country’s states and the Federal District, they serve as the primary frontline police presence at the local level.
Maida.health has a reported revenue of $45.9 million. The company provides digital solutions and AI-based automation for the health sector, from managing insurance claims to billing and teleconsultations.
Medical data is at threat
The medical sector has been under fire recently, with attackers targeting sensitive patient data. Digital providers’ mistakes also put millions of patients at risk.
Reportedly, over 1.2 million medical devices have been found exposed on the internet, enabling hackers to access sensitive data even before patients hear their diagnosis.
European cybersecurity company Modat said it had scanned the internet and found more than 70 different types of misconfigured internet-connected medical devices and systems. These include MRI, CT, X-rays, DICOM viewers, blood test systems, hospital management systems, and others.
Previous Cybernews research has shown that third-party service providers could also be Trojan horses for health care providers. Our researchers uncovered a massive data leak affecting US citizens’ medical data, containing roughly 2.7 million patient profiles and 8.8 million appointment records. The leaked data was linked to Gargle, a marketing, SEO, and web development company.
Attackers on other underground forums have also claimed to have leaked data recently, including everything from medical practitioners' names to home addresses.
The attackers didn’t specify where exactly they got the data from, yet they claimed it includes information on 433,000 medical practitioners based in the US. The Cybernews research team believes that the data could have come from a third-party service provider breach.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked