IT security researchers at Kromtech Security discovered an unprotected Amazon Web Services (AWS) bucket available for public access. The bucket contained personal and sensitive data of more than 150,000 patients of Patient Home Monitoring (PHM), a healthcare firm in Lafayette, Louisiana, United States, that provides an in-home testing program.
According to the Kromtech Security blog post, the 47.5 GB of data contained patients’ names, phone numbers, addresses, and 316,363 PDF medical records in the form of weekly blood test results and test results. Furthermore, the data contained a backup folder for the firm’s development server and personal details such as names of doctors, client data and case management notes.
“This is yet another wake-up call for companies who try to bridge the gap between healthcare and technology to make sure cybersecurity is also a part of their business model,” Alex Kernishniuk, Kromtech’s VP of Strategic Alliances, said.
“This Amazon repository was misconfigured to be publicly available, and anyone with an internet connection could access these confidential medical records. Even the most basic security measures would have prevented this data breach.
“Unfortunately, there are many more databases and cloud storage repositories waiting to be discovered, and the Kromtech Security Center is committed to helping to secure and protect data online.”
The healthcare industry is already vulnerable to cyber attacks. Especially after the return of Locky ransomware, pharmaceutical and medical firms should remain more vigilant and secure their data before malicious elements can get their hands on it.