Misconfigured Storage Buckets Expose Medical Data
Medico, a US healthcare vendor that provides billing and insurance data processing, has exposed more than 320,000 sensitive files after leaving at least two Amazon buckets unsecured without a password. The first bucket contains 14,000 files amounting to about 1.7GB while the second bucket has about 307,000 files with 91.6GB of patient data. Exposed information include medical diagnosis, bank account, insurance details and personally identifiable information such as social security number. The buckets also store spreadsheets of account names and default passwords in cleartext. Medico has locked down the exposed buckets and informed affected customers within 48 hours after being notified. Investigation is still ongoing to determine if the information in the exposed buckets have been exfiltrated.
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services