gemotest.ru 2022 Data Breach

Gemotest Russian Medical Lab Network Breach (2022): 30 Million Patient Records Including Passport Numbers | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Unknown (DLBI dark-web monitor first reported)MedicalEmail AddressFull NamePassport NumberPhone NumberPhysical Address
High SeverityWebsite / service breach

Gemotest Russian Medical Lab Network Breach (2022): 30 Million Patient Records Including Passport Numbers

Russian laboratory diagnostics and medical testing network.

Verified by ObscureIQ Intelligence
62/100Breach Risk Index
35Data Value
25Market Recency
455dSince Breach

Breach Intelligence Summary

Entity: gemotest.ru · Actor: Unknown (DLBI dark-web monitor first reported) · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Diagnostic testing and laboratory services · Medical lab network · Russia
Timeline: Breach (2022-01-01) · Indexed (Jan 27, 2025) · Year (2022)
Exposure: 30.2M records · 5 fields: Email Address, Full Name, Passport Number, Phone Number, Physical Address
Status: Reported

Executive Summary

Gemotest, one of the largest private medical laboratory networks in Russia, suffered a data breach in April 2022 that exposed approximately 31 million patient records. The data was placed for sale on dark-web forums in early spring 2022 and was subsequently sold to multiple buyers and published. Russian dark-web monitoring service DLBI first reported the leak. Roskomnadzor, Russia's data-protection regulator, opened an investigation, and a Moscow magistrate court fined the company 60,000 rubles in mid-2022 for the violation.\n\nThe published dataset reportedly contained approximately 300 gigabytes of customer data covering more than 30 million records. Compromised fields included names, dates of birth, gender, phone numbers, email addresses, physical addresses, Russian internal passport series and numbers, and insurance identifiers. Have I Been Pwned indexed approximately 6.3 million unique email addresses among the records. Russian COVID-19 testing protocols at the time required passport verification, which is why a substantial subset of records included passport identifiers tied to test results.\n\nFor affected individuals, the practical risk profile is unusually severe and durable. The combination of name, date of birth, address, and Russian passport number is a strong base for identity-verification bypass at Russian financial institutions and government services. Cross-border risks apply because the dataset has continued to circulate internationally, and individuals who travelled to or from Russia during the affected period may face exposure to identity-document fraud or impersonation. Patients in occupied territories who may have used Russian-issued passports for COVID testing face additional political and personal-safety considerations given investigative-journalism use of the dataset. Anyone whose Gemotest records were affected should treat their Russian passport number as durably exposed and remain alert to unsolicited contact referencing past medical testing or government services.

ObscureIQ assessment: Extremely sensitive. Exposure enables identity theft, medical fraud, and serious privacy harm tied to testing status and provider relationships. Lab records can also support highly targeted health-themed scams.

Breach Impact

The direct institutional impact on Gemotest was minimal in formal terms, with a Russian regulatory fine of 60,000 rubles representing a fraction of one percent of typical fines under more developed data-protection regimes. Roskomnadzor, Russia's data-protection regulator, opened an investigation following the leak and referred the matter to prosecutors. The practical impact has fallen primarily on Gemotest patients rather than on the company itself, which continues to operate at scale across the region. Reputational impact within Russia was bounded by limited consumer-protection infrastructure and a generally weak privacy-rights framework. International attention to the dataset has continued because of its volume and the inclusion of passport numbers.

About gemotest.ru

Gemotest, also written Hemotest, is one of the largest private medical laboratory networks in Russia. Headquartered in Moscow, the network operates hundreds of laboratory branches across Russia, Kyrgyzstan, Tajikistan, and Kazakhstan, performing hundreds of thousands of medical tests daily. The service range spans clinical blood and biochemistry tests, COVID-19 testing, infectious disease panels, and genetic testing. As a private medical lab network, Gemotest collects patient identity, contact, billing, referral-physician, and detailed test-result records, alongside government-issued identifiers including Russian internal passport numbers, which Russian COVID-19 testing protocols required to verify identity at the time of the breach.

Why They Hold Your Data

Medical laboratory networks collect highly sensitive patient identity, contact, billing, insurance, provider-order, and diagnostic test records across lab testing workflows.

Recent Developments

Gemotest was fined approximately 60,000 rubles (around \$1,000 at the time) by a Moscow magistrate court in mid-2022 for the data leak, the maximum penalty allowed under Russian personal-data legislation in force at that time. Russian data-protection enforcement has tightened modestly since 2022, with new amendments allowing larger turnover-based fines for repeat offenders. The Gemotest dataset has continued to circulate on Russian and international dark-web forums in the years since the original release. Notable subsequent uses of the dataset include investigative journalism: in 2023 reporting by RFE/RL's Schemes unit used Gemotest records to identify a Ukrainian judge who had used a Russian passport for COVID-19 testing in occupied Crimea, supporting allegations of dual citizenship.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Passport Number Critical
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • International identity fraud & border exploitation
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Unknown (DLBI dark-web monitor first reported)

Unknown (DLBI dark-web monitor first reported)
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the gemotest.ru breach?

Gemotest, one of the largest private medical laboratory networks in Russia, suffered a data breach in April 2022 that exposed approximately 31 million patient records. The data was placed for sale on dark-web forums in early spring 2022 and was subsequently sold to multiple buyers and published.…

What data was exposed?

Verified fields include Email Address, Full Name, Passport Number, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation