echo: politics
to: All
from: Mike Powell
date: 2024-12-17 09:31:00
subject: Top healthcare company ex

Top healthcare company exposes data on millions of patients - find out if
you're affected

Date:
Mon, 16 Dec 2024 17:15:00 +0000

Description:
Canadian healthcare giant locked the archive down after the discovery.

FULL STORY

A huge database containing millions of sensitive records has been discovered
unprotected online, available to anyone who knew where to look.

The cache was recently discovered by security researcher Jeremiah Fowler,
known for uncovering misconfigured databases, or non-password-protected
archives. 

This time around, Fowler said he found a database containing more than 4.8
million documents, and weighing roughly 2.2 terabytes. Investigating the
files found in the archive, the researcher said he found eye exams in .PDF
format, together with patient Personally Identifiable Information (PII),
doctors' comments, and images of the exam results.

Reacting to the findings 

The database also contained .csv and .xls spreadsheets that listed patients
and included their home addresses, Personal Health Numbers (PHN), and details
regarding their health, Fowler told vpnMentor.

Personal Health Numbers are unique identifiers, assigned to individuals, by
provincial or territorial healthcare systems in Canada to manage access to
publicly funded healthcare services. They are used to track medical records,
process insurance claims, and verify eligibility for healthcare services. 

Cybercriminals could abuse PHNs by using them for identity theft, such as
obtaining unauthorized medical services, filing fraudulent insurance claims,
or purchasing prescription drugs illegally. They could also sell these 
numbers on the dark web for profit or exploit the associated data to craft
targeted phishing or social engineering attacks. 

Drilling deeper, Fowler found that the database belonged to Care1, a Canadian
company offering AI software solutions to support optometrists in delivering
enhanced patient care. The company says its software helped manage more than
150,000 patient visits, and is used by more than 170 optometrists. 

After realizing who the owner was, Fowler reached out to the company, who
locked the database down soon after. However, without detailed forensics, it's
impossible to know if malicious actors found the archive at any time in the
past.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-healthcare-company-exposes-data-on-millions-of-patients-find-out-if-youre-affected

--- SBBSecho 3.20-Linux
                                                                            
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

SOURCE: echomail via QWK@pharcyde.org
