Stolen Personal And Medical Information Was Found Online

May 23, 2019

Written by wukovits

Jeremiah Fowler, a researcher with Security Discovery recently found an unprotected Elasticsearch databased owned by a company called SkyMed on the internet.  According to his findings the database was configured such that it was open and visible to any browser. This allows anyone who stumbles across it to edit, download, or even delete data without administrative credentials.

The database contained a total of 136,995 patient records with histories going back thirty years in some cases.

It also included a variety of personally identifiable information such as:

  • Patient full name
  • Email address
  • Date of birth
  • Address
  • Phone numbers
  • In some cases, detailed medical information

Mr. Fowler promptly contacted SkyMed to inform them of the discovery. To their credit, the company promptly took the database offline.  They did not, however, make a formal reply to Mr. Fowler. They have not, to this point, reached out to any of the patients whose names and personal information appeared in the database.

In addition to the unprotected database, Mr. Fowler discovered forensic evidence that indicated the company’s network may have been infected with an unknown ransomware strain.  Again, however, the company has maintained total silence and has not contacted anyone, including their customers or impacted patients with details.

This complete lack of response is highly unusual.  On the heels of such an incident, we normally see a formal acknowledgement, an apology, a statement to the effect that the company is working with law enforcement and possibly engaging the services of a third party to assist with the investigation.  In addition to that, companies almost always make some effort to reach out to impacted parties to warn them of the dangers, advise of next steps they can take and offer free credit protection.

None of that has happened thus far, which could prove to be disastrous for SkyMed.  In the absence of those steps, it’s difficult to see how the company’s customers can trust them going forward.  In any case, be advised that if you are in any way reliant on SkyMed for any part of your care, there’s a chance your personally identifiable data was exposed.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.