Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Foundational access to breach intelligence. Track breaches, leaks, and threats in real time with high quality screenshots and concise expert summaries.
Continuously updated breach reports and threat summaries.
Daily breach, leak, and DDoS alerts.
Live tracking with JSON export.
Direct access to claims and posts.
Concise summaries of DDoS, defacements, and breaches.
Verified index of dark web sites and services.
Live status of 500+ sites.
Integrated checks inside breach posts.
Uncompressed, watermark free evidence.
Browser alerts for tracked terms.
Stay in the loop across channels.
Verified PGPs for ransomware and threat groups.
🏢 About ProtectHealth
ProtectHealth Corporation is a government-linked company in Malaysia that manages national healthcare programs and patient services, including medical coverage frameworks and health benefit distribution.
⚠ Disclaimer
This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources.
The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes.
📌 Overview
On August 21, 2025, a threat actor using the alias stepbro claimed responsibility for selling a ProtectHealth Malaysia patient database on a darknet marketplace.
The actor states the dataset contains 2,564,318 records of verified and updated patient information. Data allegedly includes full names, dates of birth, contact numbers, identification numbers, program details, and patient account balances.
The actor priced the full database at $800 USD, with test sample packs of 100K–200K records available for $100 USD each.
📊 Key Details
| Attribute | Information |
|---|---|
| Date | 2025-08-21 |
| Threat Actor | stepbro |
| Victim Country | 🇲🇾 Malaysia |
| Industry | Hospital & Health Care |
| Victim Org. | ProtectHealth Corporation |
| Victim Site | protecthealth.com.my |
| Category | Data Breach |
| Severity | Medium |
| Network | Tor |
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
