DataBreaches.Net


MedSave Health Insurance TPA hacked; firm has yet to comment or respond

Posted on January 17, 2025 by Dissent

The individual known as “0mid16B” has been busy, it seems. They contacted DataBreaches on Wednesday to announce that they had hacked MedSave Health Insurance TPA Ltd (“MedSave”). MedSave is a third-party administrator in India that partners with more than 10 insurance companies, processing and settling claims submitted by hospitals or insured members. MedSave lists 5,000 hospital networks that they work with. They are considered one of the biggest TPAs in India.

“In total, I stole 561 gigabytes of databases,” 0mid16B wrote. “Corporate, accounting, employees, sales and personal/health data of 10,617,943 people.” They attached a screenshot showing a directory of .ldf and .mdf files and several .csv files as proof of claims.

List of directories. Image: Provided

 

One .csv file that DataBreaches inspected appeared to contain a wealth of employee information with the following fields:

ID EMPCODE FNAME MNAME LNAME GENDER DOB NATIONALITY MSTATUS PHONE CELL EMAIL LSTREET1 LSTREET2 LCITY LSTATE LPINCODE PSTREET1 PSTREET2 PCITY PSTATE PPINCODE DESIGNATION DEPARTMENT STATUS DOJ DOL SALARY FCDT FCBY LUDT LUBY SPOUSENM ANIVERSARYDT SPOUSEDOB NOFCHILD FATHERNM MOTHERNM PROOF IdNo BRID REFNM REFADD REFCONTACT SPECREM COMPANY PHOTO PHOTOPATH IPADD REASON

Not all the fields were populated, but many were. A spot-check of some employees’ names revealed that they were executives of MedSave.

The first part of an employee-related database included the employee’s first and last names, address, email address, gender, and marital status. Image: DataBreaches.net.

 

Other fields in the same database included the employee’s salary, their spouse’s name, the number of children they have, their father’s and mother’s name, and type of proof of identity. Image: DataBreaches.net

The data, 0mid16B wrote, were current as of January 8, 2025.

On inquiry, 0mid16B would not reveal how they gained access but claimed that MedSave had not detected them initially. “I still have access,” they claim, adding, “In fact, I went in and killed their system 3 times between 12th Jan to 15th Jan.”

0mid16B also did not reveal how much they demanded, but it sounds like they never even got to tell MedSave the amount. “I left a note on their server and sent them an email, but without monetary demand. I waited for them to respond for 72 hours. There was no response until today. They tried to recover the system but I killed it each time they tried.”

DataBreaches asked 0mid16B if they had any comment on MedSave’s security. They replied:

“This company served more than 10 million customers. Yet they do not even bother to have AV installed. I breached in since 31st Dec and remained undetectable until I informed them on 12th Jan. The SOP should be bringing the server offline and investigate the root of breach but this company brought it back online with the vulnerabilities still intact. Until today, I still have access. Transferred more than 560 GB of data out of their server within a matter of a few days, it should be a red flag automatically based on outgoing bandwidth, but nothing was flagged or limited in the eyes of their sysadmin.”

MedSave’s site has been unreachable, returning a “403 Forbidden” response. DataBreaches sent the firm a message via their LinkedIn account on Wednesday, telling them what 0mid16B claimed and asking if they had any comment or response. That was followed by an email to their domain email account in case email could get through.

No reply has been received by publication. 0mid16B says that they intend to sell some of the data and leak the non-customer data.

This post will be updated if MedSave responds.

 
