Медицинская лаборатория Гемотест (Gemotest) Data Breach

21/04/2022 · 6,341,495 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (8 categories) and the volume of affected records (6,341,495).

Health related data demands extra protection because it can be both personal and highly actionable for fraud. In the Gemotest case, a Russian medical laboratory company suffered a breach that exposed information about a very large number of patients, and the organization was later fined.

The incident involved records that can directly identify individuals. Even without detailed test results, the combination of identity data with insurance and official identifiers can support serious misuse.

Exposed fields included names, email addresses, physical addresses, dates of birth, and gender. The leak also contained government issued identifiers such as passport numbers, along with health insurance information.

Reports referenced around 31 million patients, with about 6.3 million unique email addresses in the dataset. At this scale, the impact can include widespread phishing, identity fraud, and impersonation of insurers or clinics using accurate personal details.

Exposed data

Dates of birth Email addresses Genders Government issued IDs Health insurance information Names Passport numbers Physical addresses

What to do based on this breach

Contact your health insurer to add fraud notes and understand how they verify your identity for changes and claims

Be cautious of messages asking for passport, ID, or insurance details and confirm through official channels only

Consider credit monitoring and watch for new accounts or applications in your name because strong identifiers were exposed

Ask the data controller what information was affected and request rectification or erasure where applicable under GDPR

What can we learn from this breach?

Breaches in healthcare organizations show that identifiers, addresses, and insurance information must be treated as high risk data. Good practice includes strict access controls, encryption, auditing, and timely transparent communication with affected people. Data minimization and shorter retention also reduce harm when an incident occurs.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Odido

11/02/2026 6,077,025 records high risk

7 data types in common

Utair

20/03/2019 401,400 records moderate risk

6 data types in common

← All breaches