Thousands of Humana customers have their medical data leaked online by threat actors

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana.

An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.

GUaDBKv4qCAbVLHV13YCFd2d3tEOJnnQGO60KTy9x1pH2noj5N9vFo8 csCGHva7uq4pZ8cuohPy9LmzDwoS4hnnSBXRN0RntHNhEt93Vc7fsLtutDZFQQ IvB42 W6m8dYWZ67T

The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. In May, one of the patients affected by the breach filed a lawsuit against the company.

On July 18, we reached out to Humana to verify that the data belonged to them, but they have not responded yet.

One of the forum members who downloaded the database claims that the archive contains information from 2020, and not 2019, as suggested by the leaker. If the forum member’s claims are true, the leaked database might potentially be part of the 2020 breach. 

With that said, the data found in the samples posted by the leaker mostly comes from 2019, which may indicate that it has no connection to the former incident and might have been acquired separately.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What was leaked?

The leaked SQL database contains more than 823,000 rows of data divided into 97 tables. Some of the tables appear to store highly sensitive patient information of US-based 6,487 individuals, including:

  • Full names
  • Patient IDs
  • Email addresses
  • Street addresses with ZIP codes
  • Password hashes
  • Privacy policy confirmation statuses
  • Medicare Advantage Plan data
  • Medical treatment data
  • Links to photos and videos, some of which may include patient X-rays, CT scans, insurance document scans 

Examples of leaked data included in the samples:

9XC2qdGbUiPJysCRVLV9bnYNfmNlOZkubKXZ1E6OnivT F 1lUep53B

(Medicare Advantage Plan listings)

TO iHIKYn3NQMLQYV5XrQsstd Y lW1kmysyF DZf2I5tg0bDQbzXHP7G I5TCYWA7TvDtRRcLdWdWz l6gOjZ4BZGGq8ND13QVyStt50 NJ

(Drug prescription listings)

In addition, the database appears to contain API calls to various functions, all of which include private API keys that could be used by threat actors to access other online services used by Humana and/or its partners.

Who had access to the data?

Since the SQL database was made freely available via a WeTransfer link on July 16, it’s safe to assume that multiple users of the hacker forum where it was posted had access to the data.

The question of how many malicious actors actually accessed it remains, and of that, how many are using that data for their cybercriminal activities. It’s also unclear for how long the database has been in the leaker’s possession before it was posted on the hacker forum.

We notified WeTransfer about the incident and will update the article as soon as the link to the leaked database is removed.

What’s the impact?

With the wealth of highly sensitive personal information contained within this database, a bad actor may be able to:

  • Target patients with spear-phishing and/or spam campaigns
  • File fraudulent insurance claims
  • Use the victims’ health insurance
  • Exploit or extort patients based on their health information
  • Collect, collate, and share this medical data with other malicious actors
  • Commit identity theft

If you’re a customer of Humana, there’s a chance your medical data has been leaked. Give a look here to see recommendations provided by CyberNews researchers:

https://cybernews.com/news/humana-insurance-customers-medical-data-leaked/

About the author: CyberNews Team

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Humana)

The post Thousands of Humana customers have their medical data leaked online by threat actors appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source