Misconfigured Database Leaks 880 Million Medical Records
Researchers have found an unsecured database leaking over 886 million sensitive patient records online.
The non-password-protected data trove was found by Jeremiah Fowler and Website Planet and traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu promptly after it was responsibly disclosed.
Deep 6 AI applies intelligent algorithms to medical data to help find patients for clinical trials within minutes.
The exposed data included date, document type, physician note, encounter IDs, patient ID, note, UUID, patient type, note ID, date of service, note type, and detailed note text.
The notes and physician information were stored in plain text, meaning anyone who discovered the database could have accessed intimate details of patient illnesses. Patient IDs were encrypted, but it’s unclear how strongly. That encryption would make it harder for opportunistic cyber-criminals to unmask the victims.
However, if they were able to do so, the 68.5GB database would seem to offer plenty of information to use in possible extortion attempts or to sell on the dark web. According to Fowler, scammers could also have used the info to target doctors.
“During the pandemic doctors and nurses have been in close contact with infected patients. Scammers are now contacting doctors and pretending to be a contact tracer and then asking for sensitive patient medical data,” he explained.
“Hypothetically, this exposure could have provided scammers with a list of 89,143 medical professionals that they could target using insider information and their own notes to gain trust.”
The database itself, when exposed, was also at risk of being held to ransom, Fowler added.
According to IBM, healthcare remains way out in front among sectors with the highest average breach costs. Those costs rose by nearly 30% over the past year to top $9.2m per incident.