DataBreaches.Net


MedSave Health Insurance TPA hacked; firm has yet to comment or respond

Posted on January 17, 2025 by Dissent

The individual known as “0mid16B” has been busy, it seems. They contacted DataBreaches on Wednesday to announce that they had hacked MedSave Health Insurance TPA Ltd (“MedSave”). MedSave is a third-party administrator in India that partners with more than 10 insurance companies, processing and settling claims submitted by hospitals or insured members. MedSave lists 5,000 hospital networks that they work with. They are considered one of the biggest TPAs in India.

“In total, I stole 561 gigabytes of databases,” 0mid16B wrote. “Corporate, accounting, employees, sales and personal/health data of 10,617,943 people.” They attached a screenshot showing a directory of .ldf and .mdf files and several .csv files as proof of claims.

List of directories. Image: Provided

One .csv file that DataBreaches inspected appeared to contain a wealth of employee information with the following fields:

ID EMPCODE FNAME MNAME LNAME GENDER DOB NATIONALITY MSTATUS PHONE CELL EMAIL LSTREET1 LSTREET2 LCITY LSTATE LPINCODE PSTREET1 PSTREET2 PCITY PSTATE PPINCODE DESIGNATION DEPARTMENT STATUS DOJ DOL SALARY FCDT FCBY LUDT LUBY SPOUSENM ANIVERSARYDT SPOUSEDOB NOFCHILD FATHERNM MOTHERNM PROOF IdNo BRID REFNM REFADD REFCONTACT SPECREM COMPANY PHOTO PHOTOPATH IPADD REASON

Not all the fields were populated, but many were. A spot-check of some employees’ names revealed that they were executives of MedSave.

The first part of an employee-related database included the employee’s first and last names, address, email address, gender, and marital status. Image: DataBreaches.net.

Other fields in the same database included the employee’s salary, their spouse’s name, the number of children they have, their father’s and mother’s name, and type of proof of identity. Image: DataBreaches.net.

The data, 0mid16B wrote, were current as of January 8, 2025.

On inquiry, 0mid16B would not reveal how they gained access but claimed that MedSave had not detected them initially. “I still have access,” they claim, adding, “In fact, I went in and killed their system 3 times between 12th Jan to 15th Jan.”

0mid16B also did not reveal how much they demanded, but it sounds like they never even got to tell MedSave the amount. “I left a note on their server and sent them an email, but without monetary demand. I waited for them to respond for 72 hours. There was no response until today. They tried to recover the system but I killed it each time they tried.”

DataBreaches asked 0mid16B if they had any comment on MedSave’s security. They replied:

“This company served more than 10 million customers. Yet they do not even bother to have AV installed. I breached in since 31st Dec and remained undetectable until I informed them on 12th Jan. The SOP should be bringing the server offline and investigate the root of breach but this company brought it back online with the vulnerabilities still intact. Until today, I still have access. Transferred more than 560 GB of data out of their server within a matter of a few days, it should be a red flag automatically based on outgoing bandwidth, but nothing was flagged or limited in the eyes of their sysadmin.”

MedSave’s site has been unreachable, returning a “403 Forbidden” response. DataBreaches sent the firm a message via their LinkedIn account on Wednesday, telling them what 0mid16B claimed and asking if they had any comment or response. That was followed by an email to their domain email account in case email could get through.

No reply has been received by publication. 0mid16B says that they intend to sell some of the data and leak the non-customer data.

This post will be updated if MedSave responds.