Executive Summary

RSA Crackers published a statement claiming that it identified and corrected a critical exposure of credentials and vulnerabilities associated with minsal.cl, stating that more than 36 million health records of Chilean citizens may have been exposed.

The actor claims that it acted “in good faith”, that it did not download information, did not infect the service, and only identified and corrected the issue. It also asks for public dissemination to counter the perception that the group acts with malicious intent.

The publication is relevant because it exposes a recurring tension within the regional hacktivist ecosystem: actors that present themselves as corrective or protective, but operate through unauthorized access, outside formal disclosure processes, without independent validation, and without institutional control over the evidence.

Key Judgments

• RSA Crackers claims to have identified and corrected a critical exposure linked to credentials and vulnerabilities in minsal.cl.
• The actor claims that more than 36 million health records of Chilean citizens may have been exposed.
• The statement attempts to reposition the group as a “good faith” actor rather than a malicious threat.
• The publication reflects distrust toward institutional channels and a narrative of taking justice into its own hands.
• Even when an action is presented as beneficial, unauthorized access to systems or sensitive data can generate legal, technical, operational, and chain-of-custody risks.

What Happened

RSA Crackers, a Latin American actor, published a statement claiming that it corrected a “huge problem” involving credentials and vulnerabilities associated with minsal.cl. According to the actor, the exposure may have involved more than 36 million health records of Chilean citizens.

The group claims that it did not download data, did not infect systems, and acted only to identify and correct the issue. In the same message, it asks the community to disseminate the case to show that they are “not the bad guys”.

The statement also expresses distrust toward the relevant institutional authority and argues that, since they no longer believe in those mechanisms, the only solution is to take justice into their own hands.

Operational Assessment

Based on the available information, it is not possible to confirm the actual existence of the exposure, the volume of affected records, the type of vulnerability, the access path, the scope of the alleged fix, or whether there was any formal interaction with the system’s responsible parties.

Even so, the message has operational and strategic value because, at first glance, the actor appears to be trying to differentiate itself from purely extortive or destructive groups, building a legitimacy narrative around the ideas of critical-risk identification, absence of direct harm, and alleged voluntary correction.

The problem is that “good faith” does not eliminate risk. In sensitive systems, especially those associated with health, any unauthorized access can affect traceability, integrity, confidentiality, forensic evidence, and public trust. In addition, an undocumented or uncoordinated correction can introduce unaudited changes, hide relevant indicators, or hinder institutional response.

Intelligence Significance

This case is useful for observing a gray zone within Latin American hacktivism, where actors do not always present themselves as 100% malicious, but rather as “digital vigilantes” intervening where they believe institutions have failed.

RSA Crackers is not only communicating an alleged technical action; it is trying to install a public reading: “if it had not been us, the damage would have been greater”. That narrative attempts to transform an unauthorized intrusion into an act of community protection. However, despite the alleged good intentions, the intrusion falls within the legal framework as a hostile action.

For security teams, governments, and critical organizations, especially in Latin America, the case reinforces the need for clear reporting channels, responsible disclosure programs, reasonable response times, and transparent public communication. When those channels do not exist, do not work, or do not generate trust, external actors can occupy that vacuum with high-risk actions and strong narrative impact.

Analytical Closing

This is not only a technical claim about minsal.cl, but also a strong indicator of the limits of “good faith” hacktivism. Although the actor attempts to present itself as the corrector of a critical flaw, protecting sensitive systems requires authorization, coordination, preservable evidence, and validation.

The central tension is not whether the actor intended to harm or help, but that the security of critical information cannot depend on unauthorized interventions, however well-intentioned they may appear. Ultimately, this case opens the debate around the limits of unauthorized access.