Gemotest medical laboratory data breach
A database from Russian medical-testing chain Gemotest was offered on a hacking forum, with sellers claiming data on 31 million clients — names, passport and insurance numbers, dates of birth, addresses, phone numbers and email addresses. Have I Been Pwned later indexed about 6.3 million unique email addresses from the leak.
- Victim: Gemotest
- Records: 31.0M
- Users: 31.0M
In spring 2022, a database belonging to Gemotest, one of Russia's largest networks of private medical-testing laboratories, surfaced for sale on a hacking forum. Sellers claimed it contained records on roughly 31 million clients, making it one of the most serious healthcare-data exposures in the country.
What happened
Gemotest operates hundreds of collection points across Russia and neighbouring states, performing large volumes of diagnostic blood tests and other lab work. A copy of its client database was exfiltrated around April 2022 and, on 4 May 2022, advertised on a darknet/hacking forum.
The leaked dataset reportedly included a deeply sensitive mix of identity and contact fields:
- Full names and dates of birth
- Passport numbers and insurance (policy) numbers
- Home addresses, phone numbers and email addresses
When the breach was later indexed by the breach-notification service Have I Been Pwned, it identified about 6.3 million unique email addresses within the data — the verifiable lower bound against the 31-million client figure claimed by the sellers, which also counts records without an email address.
Impact
- Claimed exposure of about 31 million clients of a healthcare provider.
- The combination of passport numbers, insurance numbers and home addresses is precisely the toolkit needed for identity theft and benefits fraud, and the medical context adds the risk of targeted phishing and extortion.
- The data circulated quietly before being leveraged in scam and phishing campaigns aimed at Russian-speaking victims.
Context
The Gemotest leak was part of a wave of large breaches at Russian internet and service companies in 2022, alongside Yandex.Eda, the SDEK courier service and others. Several occurred against the backdrop of the war in Ukraine, which drew increased attention from hacktivists and criminal actors to Russian targets, and exposed how lightly many Russian firms had been penalised for poor data protection.
Why it matters
Healthcare and identity data is among the most damaging to lose because, unlike a password, a passport number or date of birth cannot be reset. The Gemotest breach underscored the systemic exposure of Russian personal data in 2022 and became one of the data sets most commonly cited when arguing for stricter, turnover-scaled penalties for data leaks under Russian law — reform that gathered momentum precisely because of cases like this one.
Timeline
- A database attributed to Gemotest is exfiltrated and begins circulating among threat actors.
- Sellers advertise the Gemotest database on a darknet/hacking forum, claiming data on roughly 31 million clients.
- Russian media report the leak; the dataset is described as including passport and insurance numbers alongside contact details.
- Have I Been Pwned indexes the breach, identifying about 6.3 million unique email addresses among the records.
Sources
- haveibeenpwned.com: https://haveibeenpwned.com/breach/Gemotest
- blogh1.com: https://blogh1.com/en/2022/05/04/a-database-with-data-of-31-million-clients-of-the-gemotest-medical-laboratory-was-put-up-for-sale-on-the-darknet/
- heroic.com: https://heroic.com/darkhive-breaches/gemotest-ru-breach-6-million-patient-records-dark-web/