H1 Data Breach: 2M+ Medical Professional Records Leaked
H1 data breach: Over 2 million medical professional records allegedly leaked by threat actor Soral.
Summary
Threat actor Soral claims to have breached H1, a healthcare data analytics company, leaking over 2 million medical professional records. The leaked data includes names, specialties, qualifications, workplaces, and profile photos, posing a risk for phishing and impersonation attacks within the healthcare sector. While the data is not patient-specific, its scale and aggregation make it a valuable targeting resource.
Full text
Data2M+ professionals PriceFree leak CountryUnited States ActorSoral ▣Post details TargetH1 (h1.co), healthcare data analytics CountryUnited States SectorHealthcare Tech / Data Analytics ClaimMedical-professional database breached Data2,064,071 professional records ObservedJun 10, 2026 PriceFree leak (reply-gated) ActorSoral (GOD user) !Allegedly exposed 2,064,071 professional records (claimed) Full names & civility Sex & country Medical specialties Diploma & license names Years of experience Workplace names & sector Profile photos ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a directory of 2 million+ medical professionals with names, specialties, qualifications, workplaces, and photos would be a useful targeting resource for phishing and impersonation aimed at the healthcare sector. The per-record sensitivity is lower than a patient or consumer breach: the listed fields are professional and contain no patient data, contact details, or credentials, and much of the data appears derived from public professional registries (such as France's RPPS). The main risk comes from scale and aggregation rather than individually secret information. Figures and authenticity are unconfirmed. iStatus Unverified Sample records and field listings were posted to an underground forum, with the full dataset behind a reply gate; the sample records and download links are not reproduced here. The claim has not been independently confirmed and H1 has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE
Indicators of Compromise
- domain — h1.co