Windows 10 News and info | Forum
Author Topic: Database Exposes Medical Info, PII Data of 137k People in U.S.  (Read 119 times)
javajolt
« on: May 02, 2019, 02:31:23 AM »

A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (PII) and medical info of more than 100,000 individuals.

Security Discovery's researcher Jeremiah Fowler, who discovered the unprotected Elasticsearch database, found after further investigation that the leaked data belonged to SkyMed, a company which has provided medical emergency evacuation services for about 30 years.

As the researcher says, the Elastic database was "set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials."


[Image: Sample leaked record]

The database contained 136,995 records of SkyMed members and included PII data such as full names, addresses, dates of birth, email addresses, phone numbers, with some of the entries also including medical information.

Besides finding hundreds of thousands of leaked member records, Fowler also discovered that the company's network might have also been infected at some point in time with an unknown ransomware strain.

This was revealed when the researcher found a ransom note entry named "howtogetmydataback" in SkyMed's unsecured ElasticSearch database.


[Image: Ransom note]

Database secured despite no communication

While the company did not provide any feedback to the researcher's reports on the exposed database, the good news is that SkyMed did take down the database eventually.

"The first data incident notification was sent on March 27th (the same day it was discovered). On April 5th we verified that the database was closed and no longer publicly accessible. No one from SkyMed replied to either message," stated Fowler.

BleepingComputer also reached out to SkyMed to ask if breach notifications were sent to the impacted individuals but the company did not provide a response prior to publication.

One of many unsecured ElasticSearch databases

This is definitely not the first and probably will not be the last time an ElasticSearch database is left exposed to anyone on the Internet. Since the start of 2019, unsecured ElasticSearch databases leaked hundreds of thousands of sensitive legal documents "not designated for publication," roughly 33 million profiles of Chinese people seeking jobs, and over 108 million bets at various online casinos exposing the bettors' PII data.

Additionally, more than 32 million records of SKY Brasil customers and over 114 million records of US citizens and companies were also impacted by data leaks stemming from unsecured ElasticSearch databases during November 2018.

Elastic, ElasticSearch's developers, explained in a blog post published back in December 2013 that Elasticsearch servers should never be exposed to the Internet, given that they should be accessed only on the internal network via localhost or 127.0.0.1.

Elastic advises administrators to set passwords for the built-in users, to secure the ElasticSearch stack by implementing measures for "encrypting communications, role-based access control, IP filtering, and auditing," and to correctly configure the ElasticSearch installation.

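A defender-side check for the misconfiguration described in the article above, as an added example that is not part of the original post or Elastic's own tooling: it reads a flat `elasticsearch.yml` and reports settings that leave the node reachable beyond localhost or without the measures Elastic lists. The sample configs are constructed, and requiring each security setting to be explicitly `true` is an assumption of this sketch.

```python
import ipaddress
# Constructed sample configs in the flat "dotted.key: value" style of elasticsearch.yml.
EXPOSED = """\
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """\
network.host: 127.0.0.1
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
"""

# Assumption of this sketch: each setting must be explicitly "true".
# IP filtering rules are site-specific and are not checked here.
REQUIRED_TRUE = {
    "xpack.security.enabled": "authentication and role-based access control",
    "xpack.security.http.ssl.enabled": "encrypted HTTP communications",
    "xpack.security.transport.ssl.enabled": "encrypted node-to-node communications",
    "xpack.security.audit.enabled": "auditing",
}

def parse_flat(text):
    """Parse flat 'key: value' lines; nested YAML is out of scope for this sketch."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    try:
        return host in ("localhost", "_local_") or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames and special values are treated as non-local

def audit(text):
    cfg = parse_flat(text)
    findings = []
    # Elasticsearch binds to loopback when network.host is unset.
    host = cfg.get("network.host", "_local_")
    if not is_loopback(host):
        findings.append(f"network.host={host}: listens beyond localhost")
    for key, purpose in REQUIRED_TRUE.items():
        if cfg.get(key, "").lower() != "true":
            findings.append(f"{key} is not true: no {purpose}")
    return findings
```
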

