
Leaky Server Exposes 12 Million Medical Records to Meow Attacker

File_closed07

A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed.

A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how long the data was exposed for before that.

It was traced back to Vietnamese tech firm Innovative Solution for Healthcare (iSofH), which provides software for electronic health records and hospital management to 18 medical facilities, including eight top-tier clinics.

As the server was left publicly exposed without encryption or password protection, the researchers were able to view a 4GB database of 12 million records, affecting roughly 80,000 patients and healthcare staff.

The data is a treasure trove for fraudsters, containing full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records and recent test results and diagnoses.

It also included the personal information of some children.

Three days after the discovery, the database was attacked by the meow bot which deleted an unspecified number of indexes.

After reaching out to iSofH and the Vietnamese CERT in mid-November to no avail, the researchers were finally able to contact the latter in early December, although the organization apparently hasn't been persuaded to take the incident seriously.

That’s despite the potential for follow-on blackmail and fraud attacks using the leaked data.

“The server contained incredibly detailed patient information and logs, as well as personal information regarding company staff and even partial information about the doctors who work at the various hospitals iSofH operates. If such information was to fall into the hands of criminals, this would present an acute security risk to doctors, company staff and patients simultaneously,” SafetyDetectives argued.

“More broadly, revealing full names, addresses and emails can be harnessed by nefarious users to inflict severe financial and reputational harm upon victims in the form of identity theft and financial fraud. The availability of credit card information further exacerbates the potential danger posed to victims, leaving them susceptible to credit card fraud and other financial crimes
 