"Leaky Server Exposes 12 Million Medical Records to Meow Attacker"

A team of cybersecurity researchers at SafetyDetectives discovered an unsecured Elasticsearch server belonging to the Vietnamese tech firm Innovative Solution for Healthcare (iSofH). This company provides medical information and hospital management software to 18 medical facilities, including eight top-tier hospitals and clinics. The server found to be publicly accessible without encryption or password protection exposes 12 million records, impacting 80,000 patients and healthcare employees. These records reveal sensitive information, including full names, dates of birth, postal addresses, phone numbers, email addresses, credit card numbers, medical records, test results, and diagnoses. The leaked data also affects some children. Three days following the discovery, the publicly exposed server was attacked by the Meow bot, which deleted some of its indexes. This article continues to discuss the discovery, disclosure, and potential impact of iSofH's Elasticsearch server leak.

Infosecurity Magazine reports "Leaky Server Exposes 12 Million Medical Records to Meow Attacker"