Threat Actor Advertises Alleged CareSpan Clinic Data Breach
Manila, Philippines – A threat actor under the alias "Empire" has allegedly put up for sale a database belonging to CareSpan Clinic (carespanclinic.ph) on an underground cybercrime forum. The post, dated February 11, 2025, claims that 25,614 records from the healthcare platform have been compromised and are now available for purchase.
https://iili.io/2mS7tLl.png
The data breach, according to the post, allegedly occurred on December 5, 2024. The exposed information reportedly includes:
• Client names (full name, last name, first name)
• Usernames
• Date of birth (DOB)
• Medical Record Number (MRN) / Public ID
• User type and account status
• Account creation date
• Gender and specialty
• Email addresses and phone numbers
• Employer and job title
The forum post was published by "Empire," a high-ranking user on the forum with “GOD User” status, indicating credibility within the cybercriminal community. The listing states that the dataset is available for $50, payable exclusively via Monero (XMR), a privacy-focused cryptocurrency commonly used in illicit transactions. The seller also offers a middleman service for buyers seeking additional security in the transaction.
A sample dataset was included in the listing, but the actual contents have not been publicly disclosed beyond what is described in the post.
If authentic, the breach could pose serious risks to CareSpan Clinic's patients and stakeholders. Exposed personally identifiable information (PII) could lead to identity theft, phishing attacks, and fraudulent activities. Additionally, the leak of medical record numbers and job-related details raises concerns about targeted scams and unauthorized medical access.
As of this writing, CareSpan Clinic has not issued an official statement regarding the alleged breach. It remains unclear whether they are aware of the incident or have initiated an internal investigation.