Alleged Sale of 150,000 Patient Records From US Clinic Including SSNs, Diagnoses, and Medications
Quick Facts
USA
Incident Overview
A threat actor using the handle Heiz is selling a database containing over 150,000 patient records allegedly extracted from a US medical clinic. The data, stored in a 460MB SQLite database file, is described as up to date and personally extracted by the actor. The listing appeared on a Russian-language hacking forum in the Access section for FTP, shells, roots, SQL injections, databases, and dedicated servers.
The dataset reportedly contains highly sensitive patient information, including Social Security numbers, dates of birth, full names, phone numbers, email addresses, medical diagnoses, prescribed medications, and treating physician details. The actor is offering the data in full or in parts, with options for full patient files or leads consisting of files plus contact information. Pricing starts at $10 per record, with the sale restricted to a single buyer and no reselling or public posting allowed.
The threat actor emphasizes that the database was extracted personally and has only been touched by them, positioning this as a fresh, exclusive dataset. They also express interest in cooperating with developers, suggesting potential plans to further monetize or exploit the data.
Compromised Data Categories
