Medical Data Leaked on GitHub Due to Developer Errors

CyberPanther

Level 6
Thread author
Verified
Well-known
Oct 1, 2019
295
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
Developer error caused the leak of 150,000 to 200,000 patient health records stored in productivity apps from Microsoft and Google that were recently found on GitHub.
Dutch researcher Jelle Ursem discovered nine separate files of highly sensitive personal health information (PHI) from apps such as Office 365 and Google G Suite from nine separate health organizations. He had difficulty reaching the companies whose data had been leaked and so eventually reported the breach to DataBreaches.net, which worked with him to publish a collaborative paper, “No Hack When It’s Leaking,” on the findings.
The title refers to the discovery that the information was exposed not through an attack or unaurhtorized entry into the health systems, but because of developers’ improper configuration of access controls and hardcoded credentials in the storing of the information, according to the paper.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top