Millions affected in major health data breach caused by a missing password
Date:
Wed, 23 Oct 2024 14:29:00 +0000
Description:
A huge database was found sitting online without a password, offering sensitive user data to anyone who found it.
FULL STORY ======================================================================
Researchers from Cybernews have reported finding a huge database containing sensitive customer information from the Mexican healthcare sector left unprotected online
The team discovered a misconfigured Kibana instance with a tremendous volume of information, later attributed to eCaresoft, a software company behind two cloud-based Hospital Information Systems - Cirrus and Anytime. These
platforms are used by more than 65 hospitals, 110 outpatient care centers,
and more than 30,000 doctors, to help manage different aspects of work, such as inventory management, medicine management, appointment booking, and more.
According to Cybernews, the database contained sensitive information on more than five million people, leaking things like names, ethnicity, nationality, religion, blood type, birth dates, gender, phone number, email address, CURP (Mexican personal identification number), expenses, hospitals visited, and payment request descriptions. Shift in tactics
Kibana is an open source data visualization and exploration tool. It is used for analyzing and visualizing log data stored in Elasticsearch, a
distributed, open-source search and analytics engine, commonly used for indexing and querying large volumes of data in real time.
Unprotected and poorly managed databases remain one of the key causes of data leaks, and this instance contained more than enough information to help
threat actors mount identity theft , phishing, and possibly even wire fraud.
Luckily, health records or payment data were not exposed, however Cybernews stressed the CURP numbers are a particular cause of concern, since they are the Mexican counterpart to the US Social Security Number.
The database has subsequently been locked down, but it's not known for how long it remained open, or if someone found it before the researchers. We also dont know if the victims have already been notified about the breach or not. More from TechRadar Pro Mystery database containing sensitive info on 762,000 car-owners discovered by researchers Here's a list of the best firewalls
today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/millions-affected-in-major-health-data- breach-caused-by-a-missing-password
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)