Over on DataBreaches.net, I’ve struggled to keep up with all the hacks that dump PII on the Internet. But there’s one from yesterday that involves patient data that should be mentioned here. A hack of vaguscosmetics.net (Part 1, Part 2, Part 3) reveals 1,973 2,555 patients’ information. Here are the data fields from the dumped database:
REGISTRATIONID1|GENDER1|REGISTRATION_NO1|NAME1|FATHER_NAME1|
DATE_OF_BIRTH1|BLOOD_GROUP1|TEMPORARY_ADDRESS1|
TEMPORARY_AREA1|TEMPORARY_DISTRICT1|PERMANENT_ADDRESS1|
PERMANENT_AREA1|HOME_PHONE1|PERMANENT_DISTRICT1|WORK_PHONE1|
MOBILE_PHONE1|EMAIL1|EDUCATION1|MARITAL_STATUS1|RELIGEON1|
FAMILY_MEMBR_NAME71|FAMILY_MEMBR_NAME81|FAMILY_MEMBR_NAME91|
FAMILY_MEMBR_NAME101
That’s a lot of personal information.
In a note to the site, the hacker writes:
Protip: IF you are unintelligent enough to put your patient records in the sql databases on the same webhosting as your site at the very least secure it so no one steals it…like this
(Post updated to incorporate Part 3)
Update: There was also a Part 4, it seems.