"Misconfigured Database Leaks 880 Million Medical Records"

Security researchers at Website Planet have found an unsecured database leaking over 886 million sensitive patient records online. The non-password-protected data trove was traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu promptly after it was responsibly disclosed. Deep 6 AI applies intelligent algorithms to medical data to help find patients for clinical trials within minutes. The researchers stated that the exposed data included: date, document type, physician note, encounter IDs, patient ID, notes, UUID, patient type, note ID, date of service, note type, and detailed note text. The researchers noted that the notes and physician information were stored in plain text, meaning anyone who discovered the database could have accessed intimate details of patient illnesses. Patient IDs were encrypted, but it's unclear how strongly. The encryption would make it harder for opportunistic cybercriminals to unmask the victims. However, if an adversary were able to do so, the 68.5GB database would seem to offer plenty of information to use in possible extortion attempts or to sell on the dark web. The researchers stated that, hypothetically, this exposure could have provided scammers with a list of 89,143 medical professionals whom they could target, using insider information and the professionals' own notes to gain trust.

 

Infosecurity reports: "Misconfigured Database Leaks 880 Million Medical Records"

Submitted by Anonymous on