A threat actor claims to have leaked a database from the Manila Health Department, containing sensitive patient and employee records. The compromised data reportedly includes usernames, names, dates of birth, appointment details, and 19,000 unique email addresses.
According to the threat actor, the breach occurred in July 2024 and was initially brought to attention by a group called “The Nexus Squad.” The stolen data was subsequently listed for sale on a prominent hacking forum. In addition to the personal information, the breach also exposed passwords in MD5 hash format, further heightening security concerns.
The exposed database includes detailed patient records with fields such as ID, username, password, role, first and last names, health center affiliations, email addresses, dates of birth, and more. The breach represents a significant compromise of the Manila Health Department’s services, raising serious concerns about the protection of sensitive health information in the region.
