A threat actor has allegedly leaked a massive database belonging to the Cayetano Heredia National Hospital, a major government-affiliated medical institution in Peru. The breach was announced on a dark web forum, where the actor claims to be selling 20GB of data containing the records of approximately 2 million people. The Cayetano Heredia National Hospital is a key healthcare provider in Lima, serving a large population and functioning as a teaching hospital, making this incident a significant threat to public and patient privacy.
The compromised data allegedly contains a vast amount of highly sensitive personal and medical information. According to the forum post, the leak includes 14 files with various data types. The exposure of such detailed records could lead to identity theft, fraud, and targeted phishing attacks against the individuals whose information was compromised. The threat actor also released samples of the data to prove the legitimacy of the breach.
The leaked data allegedly includes:
- IDs, including national identification numbers (DNI)
- Full names
- Email addresses
- Phone numbers
- Dates of birth (DOB)
- Physical addresses
- Insurance details and SIS (Seguro Integral de Salud) contracts/plans
- Patient visit details
- Internal credentials
- Inventory information
