Accord Salud

We're seeing a disturbing trend of healthcare data breaches in Latin America. While large-scale ransomware attacks grab headlines, smaller leaks of patient data quietly circulate, creating a persistent risk. Our team discovered one such instance involving Accord Salud, a prominent Argentinian healthcare provider. What struck us wasn't the sheer volume of records – although substantial – but the specific combination of national ID numbers (DNI), medical diagnoses, and treatment details exposed together. This confluence creates fertile ground for identity theft and targeted social engineering attacks.

Accord Salud Breach: 1.5 Million Records Offer Detailed Patient Insights

The breach involves approximately 1.5 million records, painting a comprehensive picture of patients within the Accord Salud network. We initially identified the exposed database on a relatively obscure Telegram channel known for trading in leaked South American datasets. The initial post advertised a "full Accord Salud database" with proof-of-access screenshots. The data appears to have been circulating for approximately two weeks before our team flagged it, suggesting a slow burn rather than a rapid fire sale. What makes this breach particularly concerning is the inclusion of Argentinian Documento Nacional de Identidad (DNI) numbers alongside highly sensitive medical information. This combination significantly increases the potential for misuse. This incident underscores the ongoing challenge healthcare providers face in securing patient data, particularly in regions with evolving cybersecurity landscapes.

Breach Stats:
* **Total records exposed:** Approximately 1.5 million
* **Types of data included:** Full names, DNI (Argentinian National ID) numbers, dates of birth, addresses, phone numbers, email addresses, medical diagnoses (ICD codes), treatment details, insurance plan information, and internal patient IDs.
* **Sensitive content types:** PII, medical records, insurance data.
* **Source structure:** The data was presented as a well-structured JSON dump, suggesting a direct export from a database.
* **Leak location:** Telegram channel.

Adding context, a similar incident involving the theft of 500GB of data from Argentinian health insurer Swiss Medical Group occurred in February 2024, reportedly impacting over 600,000 people, according to *DataBreaches.net*. While we haven't confirmed a direct link between the two incidents, the timing and geographic proximity raise concerns about a potential coordinated campaign targeting Argentinian healthcare providers. Security Affairs *reported* that the Swiss Medical Group breach was claimed by the Rhysida ransomware group. The Accord Salud data leak, while not attributed to ransomware (at least not yet), highlights the systemic vulnerabilities within the sector. A post on a cybercrime forum stated, "AR healthcare is easy pickings. Weak security, valuable data." We have archived the Telegram post and a related discussion thread on a Russian-language cybercrime forum.

Email · Address · Password · Hash