- Threat actor claims to possess multiple databases belonging to Guatemala’s Ministry of Public Health.
- Alleged datasets include HIV records, birth registrations, death records, and epidemiological surveillance information.
- Experts warn that exposure of medical and civil registry data could create long-term privacy and security risks.
A threat actor has allegedly obtained and is offering for sale what they describe as a comprehensive collection of databases belonging to Guatemala’s Ministry of Public Health, raising serious concerns over the potential exposure of highly sensitive medical and civil registry information.
According to a post circulating on a cybercrime forum, the actor claims to have gained extensive access to multiple health information systems operated by the Guatemalan government rather than a single isolated database.
The listing, titled “Guatemalan Ministry of Public Health, Complete Database (Surveillance, HIV, Births and Deaths),” describes what the seller calls a “detailed clinical diagnosis” of the ministry’s infrastructure.
The actor wrote that the ministry’s security practices were allegedly so weak that “breaking in was easier than prescribing a painkiller,” claiming the organization had left critical systems exposed.
While the authenticity of the data and the extent of the alleged compromise remain unverified, the information presented in the post suggests access to several highly sensitive health and demographic databases.
Multiple Health Systems Allegedly Exposed
The forum post outlines four major datasets that the threat actor claims to possess.
The first dataset, identified as “Epidiary” and described as epidemiological surveillance and outbreak monitoring information, allegedly contains report dates, health districts, diagnoses, municipalities, patient conditions, laboratory sample information, alerts, and outbreak activity.
A second dataset reportedly involves HIV and B24-X patient information. According to the listing, the database contains approximately 12,647 records and includes patient names, sex, dates of birth, unique patient codes, care dates, counseling information, laboratory testing results, diagnosis dates, healthcare regions, and assigned medical centers.
The actor also claims to possess a death registry database containing names of deceased individuals, ages, causes of death, dates and times of death, residences, medical diagnoses, locations of death, assistance provided, and details regarding certifying physicians.
Perhaps most concerning is the alleged birth registration database. According to the post, the records include newborn names, birth dates, birth weights, delivery information, names and residences of parents, legal guardians, family history, and information regarding medical staff involved in deliveries. The threat actor stated that they had obtained “the entire lifecycle of their healthcare system.”
Highly Sensitive Data Raises Serious Concerns
If verified, the incident would represent one of the most significant exposures of protected health information in the region.
Unlike traditional data breaches involving usernames or passwords, healthcare and civil registry records often contain information that cannot easily be changed, including medical histories, family relationships, birth records, and mortality information.
Security analysts note that such information can be valuable to cybercriminals, identity thieves, and fraud actors. The combination of medical diagnoses, demographic information, family relationships, and official records may enable identity theft, social engineering attacks, discrimination, blackmail, and long-term profiling of individuals and families.
The alleged exposure of HIV-related records is particularly concerning because of the sensitivity of the information involved. Unauthorized disclosure of infectious disease records can lead to privacy violations, stigma, and potential discrimination.
The sensitivity of such data has made healthcare systems a prime target. In France, hackers claimed a massive leak of healthcare data, raising similar concerns about patient privacy and stigmatization.
Birth and death registries also represent critical government records that are often used to verify identities and establish legal documentation.
Government Yet to Respond
At the time of publication, Guatemalan authorities have not publicly confirmed the alleged breach, and there has been no official statement regarding the authenticity of the data. The source of the alleged compromise also remains unknown.
Healthcare institutions and government agencies have increasingly become targets for cybercriminal groups because of the value of medical and identity information.
Analysts caution that underground forum posts frequently contain exaggerated or misleading claims. However, if the allegations prove accurate, the incident could have significant consequences for patient privacy, government trust, and national health infrastructure.
The case also highlights the growing risks facing public health systems worldwide, where aging infrastructure, limited cybersecurity resources, and large concentrations of sensitive data continue to attract threat actors seeking valuable information.