9 Misconfigured Databases Leaked Millions of Sensitive Patient Records
The WizCase security team, led by Avishai Efrat, recently discovered 9 different unsecured and misconfigured medical websites leaking millions of sensitive patient records across the globe, including Social Security numbers, health information, and other crucial data. None of the investigated clinical databases required any authentication to access the information, which left patient data exposed to the general public.
The security team contacted all the hosting providers, companies, and local authorities. Not every database had been secured by the time the report of the leak was published. The researchers hope that, following this report, the companies will secure their patients' data in the future.
DataBreaches.net, examining the findings for the first time, found that two of the nine unsecured databases were maintained by top US healthcare firms, namely VScript and Jintel Health or DeepThink Health. At VScript, a renowned US pharmacy software organization, analysts found an open Elasticsearch server with around 800 files, or 81 MB of information, and an open GoogleAPI containing a large number of pictures of prescriptions and medication bottles.
It also included data on customers of pharmacies that use VScript, along with numerous entries of payment transactions for purchases of medical items, such as customer name, masked credit cards, and prescriptions. Researchers say, “Information about different pharmacies’ internal documentation of prescriptions and medicine bottles has been exposed, assisting potential medical document fraud.”
DeepThink Health is one of the prominent precision intelligence platforms, known for storing and organizing clinical and genomic datasets for analysis. The security team uncovered an exposed Elasticsearch database with 700,000 records, or 2.7 GB of patient data.
Canada’s ClearDent, China’s Sichuan Lianhao Technology Group, Stella Prism by Stella Technology in Saudi Arabia, Nigeria’s Naiis, Brazil’s CadClin from BioSoft, Tsinghua University Clinical Medical College in China, and France-based Essilor are among the exposed databases discovered by WizCase. These databases held medical observations, lab visits, prescriptions, Social Security numbers, full names, and address details. The report authors stated, “Technology is moving at a fast pace and the security systems don’t seem like they can keep up. This is especially troubling when dealing with a company that is supposed to protect sensitive user data.”