Healthcare

Misconfigured Storage Buckets Expose Medical Data

16 - 23 July 2019

Medico, a US healthcare vendor that provides billing and insurance data processing, has exposed more than 320,000 sensitive files
Cyber_News_Healthcare

Medico, a US healthcare vendor that provides billing and insurance data processing, has exposed more than 320,000 sensitive files after leaving at least two Amazon buckets unsecured without a password. The first bucket contains 14,000 files amounting to about 1.7GB while the second bucket has about 307,000 files with 91.6GB of patient data. Exposed information include medical diagnosis, bank account, insurance details and personally identifiable information such as social security number. The buckets also store spreadsheets of account names and default passwords in cleartext. Medico has locked down the exposed buckets and informed affected customers within 48 hours after being notified. Investigation is still ongoing to determine if the information in the exposed buckets have been exfiltrated.

 

References:

Medical Procedure: How a Misconfigured Storage Bucket Exposed Medical Data

HIPAA Nightmare: An IT Vendor’s Error Left More Than 300,000 Files with Protected Health Information Exposed

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence