Halk Sağlığı Yönetim Sistemi Data Breach Exposed 100 Million Turkish Citizens' Records

In November 2022, the Halk Sağlığı Yönetim Sistemi (HSYS)—Turkey’s central health management database—suffered a massive data breach impacting more than 100 million individuals. This significant incident exposed a range of sensitive data related to Turkish citizens, both living and deceased. The stolen data consisted of full names, birth dates, city and district of residence, and even parents’ names and their national identification details. The sheer scale of this breach makes it one of the most concerning events in Turkey’s history regarding public health data, raising broad questions about data security and privacy for citizens registered in the national health system.

What Happened in the Halk Sağlığı Yönetim Sistemi Breach?

The HSYS breach took place in early November 2022, when unauthorized actors gained access to the citizen health database. This centralized system is responsible for holding extensive personal records of people registered in Turkey’s health programs and services. The breach allowed the attackers to retrieve vast amounts of private information that ordinarily would be protected by strict privacy standards.

Scope and Impact of the HSYS Breach

Over 100,923,000 records were compromised in the HSYS breach. The incident did not discriminate between living and deceased individuals, as the exposed database included both. This means that nearly the entire population of Turkey, past and present, was affected by the unauthorized data access. Such broad exposure highlights the profound consequences that can arise when large, centralized databases are compromised.

What Information Was Exposed?

The Halk Sağlığı Yönetim Sistemi breach involved several types of personally identifiable information. Leaked data included:

• First and last names
• Full birthdates
• City and district of residence
• Country
• Parents’ names and their national identification numbers

These fields combined can provide a detailed personal snapshot, making the breach especially sensitive from a privacy and identity protection standpoint.

Timeline of Events

The incident was first detected in November 2022. The actual unauthorized access likely occurred close to this period, given the timeline of when the leaked information began circulating within cybercriminal communities. Public reports and information about the breach became more widely known in the following weeks, as discussions spread across news and security research circles.

Frequently Asked Questions

How many users were affected by the Halk Sağlığı Yönetim Sistemi breach?

More than 100 million records were compromised, impacting virtually all Turkish citizens and some deceased individuals.

What kinds of data were exposed in the HSYS breach?

The breach exposed first and last names, full birthdates, cities and districts of residence, country, and parents' names and identification numbers.

When did the Halk Sağlığı Yönetim Sistemi data breach take place?

The breach was discovered in November 2022, with unauthorized access believed to have occurred around this time.

Was medical or health condition data also leaked in this incident?

No details about personal medical conditions or specific health information were publicly reported as being part of the exposed data set. The leak mainly involved identity and demographic data.

How can I check if I'm in the Halk Sağlığı Yönetim Sistemi breach?

You can check if your information was part of the Halk Sağlığı Yönetim Sistemi breach by utilizing the DeHashed search engine.