- Maida.
- Cyber criminals advertised stolen items including diagnostics, ID cards and health contracts online online
- Healthcare is still a top target due to sensitive data and risk of identity theft or fraud
Maida.health, a Brazilian health technology company, reportedly suffering a data violation in which it lost more than 2 TB of data on the country’s military police.
A threat actor recently released a new thread on an underground forum announcing 2.3 terabytes of data from Maida.health, including the Health Register of the Brazilian military police, identification cards and other details as well as medical reports.
“This data includes all medical services and management of health contracts in the Brazilian health system, especially the Brazilian military police,” the post reads. “It specifically covers diagnostic and treatment services such as cardiology, neurology, gynecology and more, including patient details, identification cards and medical items for both staff and their families.”
Identity theft and medical fraud
So far, there has been no confirmation of the authenticity of the requirements. The attacker issued a sample that is not yet to be analyzed by security researchers who allegedly include invoices for medical treatment, administrative protocols, regulatory certificates and clinical patient data.
In his writing, Cygenerws Explained how the data can be abused: “When this type of data is leaked, they can often lead to identity theft or medical fraud. For example, criminals can try to emulate the victim to receive medical treatment or try to get prescription drugs in the victim’s name,” the researchers said.
This is not the first time that the citizens of Brazil were leaking their sensitive data. In fact, at one point at the beginning of 2024, the entire Brazilian population was potentially at risk, as researchers found an unprotected database that had personal information about approx. 223 million Brazilians.
Given that in 2021 data, Brazil has 214 million people, it could be that information about the entire population of Brazil was contained in this database.
Due to the sensitivity of the information generated, the health industry is considered largely among the most targeted.
Via Cygenerws
