Anonymous hackers have claimed on an underground forum that they have hacked Maida.health, a provider of digital healthcare solutions in Brazil, and stolen over 2 terabytes of data, allegedly containing medical records of military police officers and their families. If confirmed, the leak would have serious implications for the privacy and security of employees.
According to the hackers, the stolen data included cardiology, neurology, and gynecology records, identification cards, medical bills, administrative protocols, regulatory certificates, and other clinical patient data.
Experts warn that with PII and diagnoses, attackers can engage in identity theft and medical fraud — for example, obtaining medical treatment or prescription drugs in the name of victims. The Brazilian Military Police is a uniformed force that patrols the streets and is responsible for public order in the states and the Federal District; it is effectively the first line of law enforcement presence.
Maida.health reports 45.9 million $ in revenue and provides digital solutions and AI automation for the healthcare industry: from insurance claims management and billing to telemedicine.
The healthcare sector is under pressure globally: mistakes by providers and third parties have repeatedly led to massive leaks and the openness of medical equipment on the Internet.
If the leak is real, the risks to employees and their families are critical: the combination of personal and medical data creates the ground for targeted attacks, blackmail, and financial fraud. Urgent action is required from Maida.health and potential customers: isolation of systems, audit of access, reset of keys, notification of victims, monitoring of fraudulent requests and strengthening DLP segmentation in the supply chain.
