A threat actor has allegedly posted for sale the database of Universantal, a Russian entity that is part of the “CSM-Santal” group of companies operating medical clinics and professional education centers across Russia. The Santal group has a significant presence in the country’s healthcare and medical education sectors, with facilities in cities such as Tomsk, Krasnodar, and Novosibirsk. This breach could affect a large number of patients and medical professionals who have interacted with their services.
The data was advertised on a dark web forum and is said to contain 493,000 lines of sensitive information. The actor claims the database includes a wide range of personally identifiable information (PII) and protected health information (PHI). The leak of such detailed records, especially the inclusion of the SNILS (the Russian individual insurance account number), poses a severe risk of identity theft, fraud, and other malicious activities for the individuals affected.
The compromised data allegedly includes the following details:
- Registration codes
- Patient full names
- Gender and date of birth
- SNILS (Russian social security number)
- Phone numbers and email addresses
- Document details
- Home and workplace addresses
- Other miscellaneous information