Alleged Sale of HMG Patient Database Highlights Ongoing Cybersecurity Risks Facing the Healthcare Sector

A threat actor has claimed to be selling an alleged database belonging to HMG (Health Medical Group), one of Saudi Arabia’s largest healthcare providers. According to a post on an underground cybercrime forum, the alleged database contains 452,578 patient records and is being offered for $2,500.

The dataset reportedly includes patient names, national identification numbers, dates of birth, email addresses, mobile phone numbers, appointment details, billing records, preferred language, geolocation data, medical reports, biological information, and healthcare service details.

At the time of publication, there is no official confirmation that HMG has experienced a cybersecurity breach, and the authenticity of the alleged dataset has not been independently verified.

If confirmed, the exposure of this information could have serious consequences for both patients and healthcare organizations. Medical records are among the most valuable assets traded on underground forums because they combine personal identity, financial information, and sensitive health data in a single record. Such information may be exploited for identity theft, insurance fraud, highly targeted phishing campaigns, social engineering attacks, financial fraud, and other cyber-enabled crimes.

The reported asking price of $2,500 also reflects a common trend within underground cybercrime marketplaces, where large datasets are often sold at relatively low prices to attract multiple buyers and maximize the distribution of stolen information.

Although the authenticity of the alleged database remains unconfirmed, the incident highlights the continued targeting of the healthcare sector by cybercriminals. Healthcare organizations manage vast amounts of highly sensitive personal and medical information while delivering essential services, making them attractive targets for financially motivated attackers.

Organizations should strengthen cybersecurity by implementing layered security controls, enforcing multi-factor authentication, applying the principle of least privilege, encrypting sensitive data, continuously monitoring for suspicious activity, and regularly testing incident response and recovery plans. Monitoring cyber threat intelligence and underground forums may also help identify emerging threats before they escalate.

Patients should remain cautious of unexpected emails, phone calls, or text messages claiming to come from healthcare providers. Personal or financial information should only be shared after independently verifying the sender, and any suspicious activity should be reported immediately.

Whether this claim is ultimately confirmed or disproved, it reinforces the importance of protecting healthcare data. Cybersecurity in the healthcare sector is essential not only for safeguarding information systems but also for protecting patient privacy, maintaining public trust, and ensuring the uninterrupted delivery of critical healthcare services.