A data breach in the National Epidemiological Surveillance System (SINAVE) has put the information of thousands of patients diagnosed with tuberculosis in Mexico at risk. Sensitive data, such as full names, CURP, medical diagnoses, ongoing treatments, among other details, have been compromised.
The hacktivist group known as Cibeguerrilla Nahual claimed responsibility for the attack. Through social media, they announced the leak as a protest against the government of Oaxaca, accusing it of ignoring the demands of indigenous communities. This group has been active in various attacks on government institutions in recent weeks.
The leak exposed clinical and socioeconomic information, such as education level, occupation, and affiliation with indigenous communities. Even data on deaths from the disease were revealed. This situation not only affects patients but also endangers the health professionals involved in the treatments.
The compromised database covers records from 2018 to 2025, indicating that the information affects individuals in active treatment. The exposure of this sensitive data poses risks such as discrimination, stigmatization, and extortion for the patients. The number of leaked records may be significantly higher than the more than 1,300 initially exposed, considering the national management of information in the health system.
The leak reveals a serious security breach in the health sector in the country and suggests a severe failure in the protocols for protecting confidential information. While it is unknown whether the attack occurred due to vulnerabilities in the SINAVE website or as an internal leak, the exposure of this data represents a risk to the privacy and security of those affected.
