Thousands of Humana Customers Have Their Medical Data Leaked Online

Thousands of Humana Customers Have Their Medical Data Leaked Online

CyberNews experts discovered a confidential database containing the health insurance data of Humana customers.

The SQL database, which was leaked on a hacker forum, contained the details of about 6,000 patients. The leaked data reportedly contains the names, medical treatment data, email addresses, passwords, and more dating back to 2019.

Humana, the third-largest health insurance company in the US, was a victim of a data breach before. In 2020, the company reported to its 65,000 health plan members that a subcontractor’s employee disclosed medical records to unauthorized individuals.

Regarding the new breach, according to one of the forum members who’ve seen the data, the database contained information from 2020, and not 2019 as the post author claimed.

The database contains more than 823,000 rows and 97 tables. The data in the leaked database reportedly contains highly sensitive patient information of 6,487 US-based individuals. Examples of the data are as follows:

Full names, Patient IDs, Email addresses, Street addresses, ZIP codes, Password hashes, Privacy policy confirmation statuses, Medicare Advantage Plan data, Medical treatment data, Links to photos and videos, maybe patient X-rays, CT scans, insurance document scans, and more.

The database also appears to contain private API calls to various functions which can be abused by threat actors.

The SQL database was made available for free on July 16 through a WeTransfer link. It is safe to assume that multiple people have accessed the database, including malicious actors.

With this wealth of sensitive information, a bad actor could easily exploit it to conduct spear-phishing and/or spam campaigns, file fraudulent insurance claims, commit identity theft, and more.

If you’re a Humana customer, you might have had your medical data leaked. In their report, CyberNews researchers recommend a number of mitigations that you can take.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.