Another day, another exposed database due to misconfiguration of a MongoDB installation. Bob Diachenko found it and reports on it: On August 3rd, I have discovered that personal information of 2,373,764 patients from Mexico is publicly available through a misconfigured MongoDB instance. Data included such fields as: Full name and gender; CURP number (i.e. Personal…
Category: Exposure
St. Mary’s Hospital Campus in Jefferson City notifies 301,000 of limited PHI left behind in a 2014 move
And this is why I always wait to close out monthly stats in healthcare. The following incident just showed up on HHS’s public breach tool today as having been reported to them on July 30, and affecting 301,000 patients. St. Mary’s Hospital’s notice, below, indicates that the entity was not sure of the number affected. …
Salesforce API error may have caused data leak
Tom Allen reports: Cloud computing firm Salesforce has warned customers that their information may have been shared with other customers’ accounts, due to an API error. In a security advisory, the CRM company says it became aware of the issue on the 18th July. The error impacted ‘a subset’ of Marketing Cloud customers using the…
AU: 7000 patient records from Women’s and Children’s hospital exposed online in embedded data- for 13 years
Simeon Thomas-Wilson reports: Medical records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches. Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online…
Web doc iCliniq plugs leaky S3 bucket full of medical files
Another data leak by an Indian firm, it seems. John Leyden reports on this one: Online medical consultation service iCliniq has restricted access to thousands of medical documents it left in a public AWS S3 bucket. iCliniq acted earlier this week only after the slip-up was brought to its attention by German security researcher Matthias…
Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months
Brian Krebs reports: TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018….