- Oct 1, 2019
- 299
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
Developer error caused the leak of 150,000 to 200,000 patient health records stored in productivity apps from Microsoft and Google that were recently found on GitHub.
Dutch researcher Jelle Ursem discovered nine separate files of highly sensitive personal health information (PHI) from apps such as Office 365 and Google G Suite from nine separate health organizations. He had difficulty reaching the companies whose data had been leaked and so eventually reported the breach to DataBreaches.net, which worked with him to publish a collaborative paper, “No Hack When It’s Leaking,” on the findings.
The title refers to the discovery that the information was exposed not through an attack or unaurhtorized entry into the health systems, but because of developers’ improper configuration of access controls and hardcoded credentials in the storing of the information, according to the paper.
Medical Data Leaked on GitHub Due to Developer Errors
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
threatpost.com