A massive data leak has compromised the healthcare records of more than eight million Americans.
Cybersecurity researchers found the information was exposed in an unprotected dental marketing database, allowing anyone to see the details online.
The dataset included roughly 2.7 million patient profiles and 8.8 million appointment records.
It included names, dates of birth, addresses, contact details, and sensitive healthcare metadata enough to form a detailed profile of each patient.
Experts warned that the leak is enough for attackers to carry out identity theft for financial gain.
They are also urging Americans to keep a close eye on medical and insurance records for signs of unauthorized activity.
Anyone who has had a dental appointment recently may also want to enroll in an identity theft monitoring service.
It is unclear how long the database remained exposed or who may have accessed it before it was secured.
The dataset included roughly 2.7 million patient profiles and 8.8 million appointment records. It included names, dates of birth, addresses, contact details, and sensitive healthcare metadata enough to form a detailed profile of each patient
Cybernews researchers discovered a third-party entity was behind the leak.
The database lacked basic protections and cybersecurity monitoring, likely due to human error.
The leak has raised concerns about third-party companies handling patient data, as the Health Insurance Portability and Accountability Act (HIPAA) mandates strong security protections for entities that deal with this sensitive information.
And it comes after researchers at cyber watchdog Check Point revealed a staggering 276 million patient records were compromised in 2024.
The report suggested that eight in 10 Americans had some form of medical data stolen last year.
The biggest hack in 2024 was also one of the largest healthcare data breaches in US history, affecting 190 million patients tied to Change Healthcare.
Now, the team at Check Point has identified a new healthcare cyberattack that could expose even more sensitive information than the previous year.
According to the team, cybercriminals are impersonating practicing doctors to trick patients into revealing Social Security numbers, medical histories, insurance details, and other personal data.
Experts warned that the leak is enough for attackers to carry out identity theft for financial gain, urging Americans to keep a close eye on medical and insurance records for signs of unauthorized activity
The phishing campaign has been active since March 20, and researchers estimate that 95 percent of its targets are in the US.
‘In some versions of these phishing emails, cybercriminals deploy images of real, practicing doctors but pair them with fake names,’ the Check Point team reported.
The emails instruct recipients to contact a listed healthcare provider using a specific phone number, which is part of the scam.
Researchers noted that Zocdoc has become a key tool in the attackers’ arsenal, allowing them to use images of real doctors while disguising their identities with fake credentials.
In one case, cybercriminals created a fake profile on Zocdoc using a real doctor’s photo but a fake name and sent a fake pre-appointment message, booking confirmation, and additional instructions.
To safeguard patients’ private information and finances, healthcare organizations are urged to install advanced phishing filters, conduct regular cybersecurity training and mock drills, and equip their IT teams to respond quickly to cyberthreats.
In response to the rise in medical record breaches, a new set of HIPAA regulations was proposed in January 2025.
The goal is to enhance the protection of medical records through stronger data encryption and stricter compliance checks.
The proposed rule is expected to cost $9 billion in the first year and $6 billion annually over the next four years.
Patients affected by data breaches are urged to monitor their financial accounts, request credit reports, and consider placing fraud alerts.
‘Patients are encouraged to review statements from their healthcare providers and report any inaccuracies immediately,’ said Yale New Haven Health.
This article was originally published by a www.dailymail.co.uk . Read the Original article here. .