• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Leaky Server Exposes 12 Million Medical Records to Meow Attacker

You are here: Home / General Cyber Security News / Leaky Server Exposes 12 Million Medical Records to Meow Attacker

A health care technology firm leaked 12 million data on individuals which include really delicate diagnoses, in advance of the exposed cloud server was struck by the notorious “meow” attacker, scientists have revealed.

A staff at SafetyDetectives led by Anurag Sen found the leaky Elasticsearch server in late October immediately after a schedule IP tackle scan, although it’s unknown how very long the data was uncovered for just before that.

It was traced back to Vietnamese tech firm Progressive Resolution for Health care (iSofH), which provides software program for digital overall health information and hospital management to 18 health care services, like 8 top rated-tier clinics.

✔ Approved Seller by TheCyberSecurity.News From Our Partners
F Secure Safe 2021

Protect yourself against all threads using F-Seure. F-Seure is one of the first security companies which has never been backed up by any governments. It provides you with an award-winning security plus an optimum privacy.

Get F-Secure Safe with 65% discount from a bitdefender official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


As the server was still left publicly exposed with out encryption or password security, the researchers had been capable to see a 4GB database of 12 million documents, affecting roughly 80,000 sufferers and healthcare team.

The data is a treasure trove for fraudsters, containing full names and dates of delivery, postal and email addresses, phone numbers, passport details, credit history card quantities, health care information and modern exam final results and diagnoses.

It also bundled the own information of some small children.

Three days immediately after the discovery, the database was attacked by the meow bot which deleted an unspecified number of indexes.

After achieving out to iSofH and the Vietnamese CERT in mid-November to no avail, the scientists had been eventually capable to get hold of the latter in early December, whilst the organization apparently hasn’t been persuaded to get the incident seriously.

Which is even with the likely for adhere to-on blackmail and fraud attacks utilizing the leaked info.

“The server contained very comprehensive patient facts and logs, as perfectly as private info pertaining to firm employees and even partial info about the medical professionals who perform at the various hospitals iSofH operates. If such details was to slide into the arms of criminals, this would existing an acute security risk to health professionals, company employees and sufferers concurrently,” SafetyDetectives argued.

“More broadly, revealing full names, addresses and e-mails can be harnessed by nefarious consumers to inflict intense economical and reputational harm on victims in the variety of id theft and money fraud. The availability of credit score card details further exacerbates the likely hazard posed to victims, leaving them susceptible to credit score card fraud and other economic crimes.”


Some areas of this article are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Web Page Layout Can Trick Users into Divulging More Info
Next Post: Cyber Insurance Market Expected to Surge in 2021 Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • Big Tech Bans Social Networking App
  • Lack of Funding Could Lead to “Lost Generation” of Cyber-Startups
  • Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
  • ‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform
  • DarkSide decryptor unlocks systems without ransom payment – for now
  • Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group
  • Millions of Social Profiles Leaked by Chinese Data-Scrapers
  • Feds will weigh whether cyber best practices were followed when assessing HIPAA fines
  • SolarWinds Hack Potentially Linked to Turla APT
  • 10 quick tips to identifying phishing emails

Copyright © TheCyberSecurity.News, All Rights Reserved.