Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records.
The database contained a massive amount of medical test results that included the names of patients, doctors, if the testing sample was done at home or at a medical facility, and a wide range of other sensitive health information. The total number of records was significant, at a count of 12,347,297 with a total size of 7TB. Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs. I immediately sent a responsible disclosure notice, and I received a reply acknowledging my discovery and thanking me for my efforts. Public access was restricted the same day, but it is unclear how long the database was exposed or if any unauthorized individuals accessed the purported health records.
Read more at WebsitePlanet.