Медицинская лаборатория Гемотест (Gemotest) Breach — 6.3M Ac
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients . The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotest was later fined for the breach.
Overview
In April 2022, Russian medical laboratory Gemotest suffered a massive data breach, exposing approximately 31 million patient records. The breach, which was later reported to the data aggregation service Have I Been Pwned, contained 6,341,495 unique email addresses alongside highly sensitive personal data. Victims’ names, physical addresses, dates of birth, passport numbers, and insurance details were all compromised. Gemotest was subsequently fined by Russian regulators for failing to protect patient data.
What Was Exposed
The Gemotest breach exposed a comprehensive set of personally identifiable information (PII). The data dump includes:
- Email addresses (6.3 million unique)
- Full names
- Physical addresses
- Dates of birth
- Passport numbers
- Insurance numbers
This is not a simple credential leak. Passport and insurance numbers are gold for identity thieves and fraudsters. When combined with names and addresses, this data enables sophisticated impersonation, fraudulent credit applications, and medical identity theft. The exposure of both passport and insurance details is particularly dangerous because it provides two independent verification points for identity theft.
How to Check if You’re Affected
Gemotest patients can check directly at Have I Been Pwned. Simply enter your email address on the site; if your email appears in the breach, your personal data is likely included in the exposed records. Because passport and insurance numbers were leaked, checking via email only may not catch all affected individuals - anyone who submitted identification documents to Gemotest should consider their data compromised, even if their email doesn’t appear in the database.
Identity Theft Risks
This breach carries extreme identity theft risks. Passport numbers enable criminals to create fraudulent identity documents, open bank accounts, and even travel under your name. Insurance numbers can be used to file false medical claims or obtain medical services using your coverage. The combination of passport, insurance, and address data makes it possible for attackers to complete detailed identity profiles that pass standard verification checks.
Unlike credential dumps where changing a password solves the problem, passport and insurance numbers cannot be easily changed. Victims may face long-term exposure to identity fraud, requiring vigilant monitoring of credit reports, government-issued ID renewals, and insurance claim histories.
What to Do Right Now
If you are a Gemotest patient, take these steps immediately:
- Contact your passport issuing authority to flag your passport as potentially compromised and request a replacement number if possible.
- Notify your insurance provider about the breach and ask about fraud monitoring for claims submitted under your number.
- Monitor your physical mail for unexpected insurance documents, credit card offers, or government correspondence.
- Place a fraud alert with major credit bureaus (whether or not financial data was exposed, passport fraud often leads to credit fraud).
- Use a password manager and enable two-factor authentication on all email and financial accounts.
Security Insight
The Gemotest breach underscores a recurring failure in healthcare and pharmaceutical data security: the collection of high-value identity documents without commensurate encryption or access controls. Passport and insurance numbers should never be stored in plain text along with basic patient contact details. This breach mirrors earlier healthcare incidents such as the 2019 LabCorp breach, which similarly exposed sensitive patient PII. The key lesson is that medical organizations must treat passport and insurance data with the same security rigor as financial account numbers - and patients must assume that any data provided to a healthcare provider may eventually be leaked. For ongoing cybersecurity news on healthcare breaches, stay informed as these incidents continue to target the medical sector globally.
Further Reading
Investigate Breaches Safely with NordVPN
Researching exposed data, paste sites, or threat actor infrastructure? Route your OSINT traffic through a VPN to avoid attribution and keep your investigation IP separate from your corporate network.
Get NordVPN for ResearchAffiliate link — we may earn a commission at no extra cost to you.
Never miss a data breach report
Get real-time security alerts delivered to your preferred platform.
Related Breach Reports
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign , with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on...
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt . Following the incident, 1M records containing 317k unique email addresses were published, with the attackers threatening to leak additional data in the following days. That threat was subsequently ...
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online . The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and at...
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year . The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program detail...