companion allegedly hacked as reported by Lamashtu ransomware with details: We obtained the complete shared folder of a Malaysian Third Party administrator (TPA) in the healthcare insurance sector. The dataset contains tens of thousands of files spanning 2023 through 2026, including active claims processing data as recent as January 2026.
The archive encompasses the full scope of TPA operations: patient claims marked as highly confidential, identity documents, medical records, enrollment forms, provider agreements, payroll records, and internal compliance documentation. We experience ISO 27001 security policies, risk registers across all departments, and pinnace documents submitted to major insurers.
This is a healthcare data transgress at scale. The dataset includes passports, national id copies, insurance cards, hospital bills, and handling certification for patients across multiple insurance programs. Employee records contain covering forms, bid letters, payslips, and banking details.
WHAT WE HAVE
Patient & medical Claims Data
The dataset includes tens of thousands of claims documents marked as highly confidential. We make patient identity documents, insurance cards, medical forms, and hospital bills from healthcare facilities across the region.
Patient files include:
passport scans and national identicalness card copies
Insurance membership cards
Medical authorization forms
hospital admission and outpouring documents
Treatment records and specialist referrals
Final bills exceeding SGD 48,000 and claims processed in the hundreds of thousands of ringgit
Claims are organized by patient epithet and policy number, with documentation spanning from initial consultation through final settlement. The data enables recognition of individuals, their medical conditions, treating facilities, and the financial value of their care.
Personal Data
We have complete employee personnel files containing application forms, academic certificates, identity documents, extend letters, indemnity enrollment forms, and payslips. Specific individuals make been identified by call with their full employment records.
The dataset also contains enrollment forms for thousands of members across multiple indemnity programs, including staff and dependent registrations with personal and contact details.
Financial Records
Account records include debit and citation notes, invoices, defrayal vouchers, and bank reconciliation documents. We have bulk payment files for payroll processing and claims disbursements.
Financial documentation includes:
payment vouchers exceeding RM 850,000 for claims payments
SST (Sales and service Tax) calculations
aging reports and statement of accounts
bank warrant documentation for healthcare providers
Overtime calculations and payroll registers
Legal & Compliance
The dataset contains several m agreement documents including provider contracts, NDAs, and acceptance letters. We have tenderize submission documents with pricing and service proposals.
Legal documentation includes:
Signed NDAs with business partners
Provider network agreements
Memoranda of understanding
Legal opinions on engagement and corporate liability matters
Retrenchment documentation with compensation details
Security & risk Documentation
We have the organization's complete ISO 27001 and ISO 9001 compliance documentation. This includes risk registers for every department, security policies, vulnerability assessment procedures, and internal audit evidence files.
Security documentation includes:
word management policy
coding policy
Data leakage prevention policy
Data masking policy
Incident management process policy
Remote act policy
mottle certificate policy
Statement of Applicability for ISO 27001
Risk registers continue Business Development, Claims, touch Centre, initiative & Legal, Finance, HR, IT, and Provider teams. These documents map organizational vulnerabilities and control measures.
Internal Operations
We have management reports, weekly standup presentations, and departmental KPI settings. The dataset includes internal scrutinize evidence, preparation attendance records, and monthly operational reports to insurer clients.
Meeting proceedings and management presentations document strategic planning, departmental performance, and operational issues discussed at the executive level.
The full compass of the dataset is understood. All materials get been reviewed and categorized.
WHO can get THIS DATA
Regulators
The transgress falls under Malaysia's Personal Data protection playact (PDPA). The dataset contains personal data of identifiable individuals processed without adequate surety measures. Healthcare data involving medical records and treatment information carries additional sensitivity.
Regulators can be notified of the photograph of patient identicalness documents, medical claims data, and employee personal information. The presence of ISO 27001 certification documentation alongside this breach demonstrates the gap between stated certificate practices and actual data protection.
Individuals
Patients whose claims documents we possess can be contacted directly. We have their names, policy numbers, contact details, and medical information. Employees whose personnel files are in the dataset can similarly be notified that their identity documents, payslips, and employment records make been exposed.
Competitors
The tender documents, pricing proposals, and node assessment reports provide competitive intelligence. provider network agreements reveal contracted rates and relationships. The dataset enables understanding of this organization's service offerings, pricing models, and client base.
Media
Healthcare data breaches involving patient medical records and identicalness documents attract significant coverage. The contrast between ISO 27001 certification and a breach of this scurf presents a clear narrative. Published data gets indexed and surfaces during due diligence for years.
WHAT can HAPPEN
Patient data can be transmitted to identity hoax operators passports and national IDs enable account takeover and synthetic identity creation
medical claims data can be used for indemnity fraud treatment histories and policy details enable false claims submission
Employee banking details can be used for payroll deflection we have account information from bulk payment files
pinnace documents canful be shared with competing TPAs pricing and service proposals reveal competitive positioning
Security policies and peril registers can live analyzed to describe remaining vulnerabilities the organization's defensive posture is now fully mapped
Regulators canful receive formal notification of PDPA violations the scale of healthcare data photograph warrants investigation
Individuals can be notified directly that their medical and personal data has been compromised
The dataset can be published in full once released, other threat actors, hoax groups, and identity thieves can exploit it independently