During 2019, incidents of medical information exposure were frequently reported due to incorrectly configured databases. This 2020 trend seems to continue, as WizCase cybersecurity researchers have just reported three medical databases exposing various personal details of citizens of multiple countries.
Among the databases exposed is one operated by an Indian medical company, which has exposed the confidential information of thousands users.
The databases were found during an investigation in collaboration with some medical companies. In this process, it was discovered that the databases were fully exposed, as they did not have encryption and did not need to use a password to enter. All affected companies have been already notified.
The affected companies, according to the latest cybersecurity report, are:
- HX Wellness Private Limited (Aermed online pharmacy app) – India – Approximately 230 thousand exposed records, including patient and staff data
- Mobile Health Pte Ltd (MaNaDr Mobile Health) – Singapore – About 842,000 records discovered, exposing details of patients and physicians
- Instituto Zaldívar – Argentina – Nearly 8,600 records were found, with data leaks from ophthalmic patients
HX Wellness Private Limited
This firm, based in India, set up a 4 GB database, equivalent to more than 230,000 committed records, including confidential patient and medical staff information (including full names, age, location data, email, among others data). The solutions used by this company were from MongoDB and an Amazon Web Services bucket.
Mobile Health Pte
Established in Singapore, this medical company exposed nearly 600 MB of confidential information, equivalent to 842 thousand records, most belonging to patients, including diagnostics, medical history, laboratory analysis, prescriptions and data Personal. The signature used an ElasticSearch server. In response to the report, the company released a statement stating that the exposed data belong to a test database, so they are not actual patient data.
This ophthalmological clinic based in Argentina exhibited a database with more than 72 MB of information, equivalent to 8 thousand 600 records, mostly belonging to patients of the clinic, including prescriptions and personal data.
Cybersecurity incidents that expose sensitive information are especially harmful, so these reports are essential to raising awareness among users and companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.