The Website Planet research team and Jeremiah Fowler researcher discovered a non-password-protected database containing a huge amount of medical information and about 68.53GB of healthcare records.
The healthcare information includes the name and identity of patients, the prescriptions given by the healthcare provider. And all the related data to the patients of the US who have been exposed. Not all the data in the record is in clear text, but some of it is encrypted whereas, the notes given by the healthcare specialist were in written form.
Moreover, the exposed database consists of much sensitive information, including emotional problems, social issues, family concerns, drugs and prescriptions, treatment strategies, and illness diagnosis. One of the most shocking things that the researcher Jeremiah Fowler and the Website Planet research team realized was that the exposed data included minor and intimate details of the patients.
The research team explained in the report that if the encrypted data is somehow decrypted, or even the patient’s ID is exposed, all the other information about the patient will be revealed. It will be no more a challenge to have a look at the medical problems of the patients. Hence, the healthcare records of the patients online will not be secured.
After some deep research, the team discovered that some usernames and internal emails were also present along with the medical records.
If we look at the exact figures, 89 thousand records were revealed that consisted of CSV files, location of important documents, the ID number of the patients, and the name of the healthcare provider which deals with the patient, and other intimate information.
Furthermore, 422 million patient records and 21 million medicine details and lab results were exposed.
Many cybercriminals want to gain the trust of several patients and get all the inside information to scam people. Especially in today’s world, when Covid has taken over the entire motherland, the patients’ medical records have become more valuable.
Per medical records, the average cost of a data breach is about $499, which makes it clear why people do it. Usually, these cyber criminals pretend to be contact readers and contact the healthcare professional to get knowledge about the patients’ medical records.
After the research team discovered that millions of records had been exposed, they forwarded a disclosure notice to the company without further delay. The Medical Al Company performed very efficiently and quickly to block access to all the records. Anyone with an internet connection could reach confidential information about the patients and professionals.
Moreover, there was a chance of falling victim to a ransomware attack which was reduced by restricting access to those records to the entire public.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics, contact us and get a free quote.