Ransomware · Resolved

ALAB Laboratoria ransomware data leak

The RA World ransomware gang breached Poland's nationwide ALAB Laboratoria medical-lab network, stealing patient test results and PESEL identity numbers. ALAB refused to pay, and the criminals published sensitive medical data on tens of thousands of patients in what became Poland's largest medical data breach.

Victim: ALAB Laboratoria
Records: 50.0K
Users: 50.0K

In November 2023, ALAB Laboratoria, one of Poland's largest networks of medical diagnostic laboratories, suffered a ransomware attack that exposed the sensitive medical records of tens of thousands of patients — widely described as the largest leak of medical data in Polish history.

What happened

On or around 19 November 2023, the RA World ransomware gang (formerly operating as RA Group) penetrated ALAB's IT systems, encrypting machines that held sensitive patient data and exfiltrating large volumes of records before demanding a ransom for decryption and non-publication. ALAB publicly confirmed the incident on 27 November 2023 and notified Poland's data-protection authority (UODO) and law enforcement.

ALAB declined to negotiate with the attackers. In retaliation, the gang began publishing stolen data online at the end of November.

Impact

  • The published data related to roughly 50,000 patients who had tests performed at ALAB laboratories between 2017 and 2023.
  • Leaked records included full names, PESEL national identity numbers, home addresses, and complete laboratory test results — among the most sensitive categories of personal data.
  • The criminals claimed to have exfiltrated around 5 GB of medical data plus 1 GB of ALAB contracts, and threatened to dump a further 246 GB of patient PDF and XML files if no ransom was paid.
  • Because PESEL numbers are used across Polish banking, healthcare, and government services, victims faced a heightened risk of identity theft and fraudulent credit applications.

Response

ALAB maintained its refusal to pay and worked with Polish authorities, including CERT Polska, on incident response and victim notification. Public guidance urged affected patients to freeze their PESEL numbers — a mechanism that blocks new credit agreements from being signed in a victim's name — to mitigate downstream identity-fraud risk. The breach intensified scrutiny of cybersecurity standards across Poland's private healthcare sector.

Why it matters

The ALAB breach demonstrated how double-extortion ransomware against healthcare providers weaponises the most intimate data citizens hold. Unlike credential dumps, leaked diagnostic results and identity numbers cannot be "reset," exposing patients to permanent privacy harm and lasting fraud risk. The incident became a national case study in the consequences of inadequate medical-data protection and accelerated debate over mandatory breach safeguards and identity-protection tooling in Poland.

Timeline

  1. ALAB Laboratoria detects a ransomware intrusion by the RA World gang affecting systems holding sensitive patient data.

  2. ALAB publicly confirms the cyberattack and reports it to the Polish data-protection authority (UODO) and law enforcement.

  3. Having refused to negotiate, ALAB sees the attackers begin publishing stolen medical data online, including test results and PESEL numbers.

  4. RA World threatens to release a further 246 GB of patient PDF and XML files if no ransom is paid, escalating the extortion.

  5. Polish authorities and CERT Polska assist affected patients; advice issued on PESEL-number freezes to prevent identity fraud.

Sources

  1. breachsense.com: https://www.breachsense.com/breaches/alab-data-breach/
  2. medexpress.pl: https://www.medexpress.pl/en/patient/huge-leak-data-medical-hackers-published-results-of-research-50-thousand-patients/
  3. avlab.pl: https://avlab.pl/alab-laboratoria-zaatakowane-przez-gang-ransomware-ra/
  4. politykazdrowotna.com: https://politykazdrowotna.com/artykul/wyciek-danych-alab/1208274
