Threat Actor: post | post
Victim: Manila Health Department | Manila Health Department
Price: $150 (negotiable)
Exfiltrated Data Type: Patient and employee records
Key Points :
- Over 16,000 patient records and more than 800 employee records were compromised.
- The data includes sensitive information such as full names, contact details, medical histories, and treatment details for patients.
- Employee data includes usernames, email addresses, passwords, license numbers, and health center affiliations.
- The breach raises significant concerns regarding identity theft, phishing attacks, and the safety of healthcare professionals.
- The Manila Health Department has not yet released an official statement regarding the breach.
- Affected individuals are advised to monitor their accounts and update passwords, as well as implement multi-factor authentication.
Manila, Philippines – A data breach has compromised the Manila Health Department’s database, containing sensitive patient and employee information. The data has been listed for sale on a dark web forum, raising substantial concerns regarding data privacy and security.
Details of the Breach
A user identified as “post” announced the breach early this morning, revealing that the database contains over 16,000 patient records and more than 800 employee records. The data is being offered for $150 in cryptocurrency, with the seller open to negotiation.
The compromised data includes:
Patient Information:
- Full names
- Contact details
- Medical histories
- Treatment details
Employee Information:
- Full names
- Usernames
- Email addresses
- Passwords
- License numbers
- Dates of birth
- Gender
- Civil status
- Addresses
- Employee IDs
- Health center affiliations
- Phone numbers
- Roles (e.g., Admin, Doctor, Pharmacist, Nurse, Dentist)
- Employment status (active or inactive)
- Photos and photo paths
The detailed personal and professional data exposed in this breach poses significant risks, including identity theft, phishing attacks, and potential threats to the safety of healthcare professionals. The leak of patient information can have far-reaching consequences, potentially affecting the privacy and security of thousands of individuals.
Response from the Manila Health Department
As of this writing, the Manila Health Department has not released an official statement regarding the breach. It is anticipated that the organization will soon address the incident, detail the security measures being taken, and provide guidance to affected individuals.
Recommended Actions for Affected Individuals
Affected individuals are advised to monitor their accounts for any unusual activity and update passwords for all online accounts. Implementing multi-factor authentication (MFA) wherever possible can add an extra layer of security. It is also important to exercise caution with unsolicited emails or messages requesting personal information to avoid phishing attempts.