CyberNews experts discovered a confidential database containing the health insurance data of Humana customers.
The SQL database, which was leaked on a hacker forum, contained the details of about 6,000 patients. The leaked data reportedly contains the names, medical treatment data, email addresses, passwords, and more dating back to 2019.
Humana, the third-largest health insurance company in the US, was a victim of a data breach before. In 2020, the company reported to its 65,000 health plan members that a subcontractor’s employee disclosed medical records to unauthorized individuals.
Regarding the new breach, according to one of the forum members who’ve seen the data, the database contained information from 2020, and not 2019 as the post author claimed.
The database contains more than 823,000 rows and 97 tables. The data in the leaked database reportedly contains highly sensitive patient information of 6,487 US-based individuals. Examples of the data are as follows:
Full names, Patient IDs, Email addresses, Street addresses, ZIP codes, Password hashes, Privacy policy confirmation statuses, Medicare Advantage Plan data, Medical treatment data, Links to photos and videos, maybe patient X-rays, CT scans, insurance document scans, and more.
The database also appears to contain private API calls to various functions which can be abused by threat actors.
The SQL database was made available for free on July 16 through a WeTransfer link. It is safe to assume that multiple people have accessed the database, including malicious actors.
With this wealth of sensitive information, a bad actor could easily exploit it to conduct spear-phishing and/or spam campaigns, file fraudulent insurance claims, commit identity theft, and more.
If you’re a Humana customer, you might have had your medical data leaked. In their report, CyberNews researchers recommend a number of mitigations that you can take.
