This week’s Cyber Intelligence House Leak of the Week covers a major healthcare data exposure involving Hfcp.com.br (Hospital dos Fornecedores de Cana de Piracicaba), a medical and diagnostic center based in Piracicaba, São Paulo, Brazil.
In October 2025, the actor “corriginam” published a 4.9 GB dataset on DarkForums, claiming to have encrypted 11 TB of hospital files and made public extracts of patient and system data. The leak contains 16 CSV files housed in a single directory, largely composed of database exports from patient, user, and scheduling systems.
The dataset was confirmed to contain sensitive information, including fields and records such as:
• "NR_CPF", "NR_IDENTIDADE", and "NR_TELEFONE_CELULAR" — exposing national ID numbers and contact details of patients and staff.
• "NM_PESSOA_FISICA" and "DT_NASCIMENTO" — full names and birthdates tied to individuals.
• "NR_CARTAO_NAC_SUS" and "CD_ESTABELECIMENTO" — identifiers linking to Brazil’s national health system and associated medical facilities.
• "CD_SENHA" and "CD_SENHA_AUTORIZACAO" — credential fields potentially holding unhashed passwords or authorization tokens.
• "NR_PRONTUARIO" and "DS_OBSERVACAO" — hospital record numbers and clinical notes, indicating patient health information exposure.
Implications for individuals
1. Direct exposure of personally identifiable and medical data, risking identity theft and insurance fraud.
2. Release of contact and credential data, enabling phishing or impersonation.
3. Long-term loss of medical confidentiality if patient histories circulate publicly.
Implications for the hospital
1. Regulatory penalties under Brazil’s LGPD for leaking sensitive patient and staff information.
2. Operational disruption from system account compromise and trust erosion.
3. Reputational damage within regional healthcare networks and among patients.
Supply-chain considerations
The dataset includes identifiers for external laboratories, medical professionals, and insurance partners. Any connected third-party portals or referral systems should be treated as potentially compromised.
Cyber Intelligence House recommendations
• Immediately rotate all system credentials, enforce multi-factor authentication, and audit access logs.
• Isolate affected databases and verify backup integrity to detect encryption or tampering.
• Conduct dark-web monitoring for reposts of Hfcp data and coordinate takedowns where possible.
• Notify impacted individuals and partners under LGPD and healthcare compliance standards.