Medical Records and Sensitive Data of 150,000 US Patients Exposed

It’s another day with yet another Amazon Web Services (AWS) bucket exposing sensitive user data to the public.

IT security researchers at Kromtech Security discovered an unprotected Amazon Web Services (AWS) bucket available for public access. The bucket contained personal and sensitive data of more than 150,000 patients of Patient Home Monitoring (PHM), a healthcare firm in Lafayette, Louisiana, United States, that provides an in-home testing program.

According to the Kromtech Security blog post, the 47.5 GB of data contained patients’ names, phone numbers, addresses, and 316,363 PDF medical records in the form of weekly blood test results and test results. Furthermore, the data contained a backup folder for the firm’s development server and personal details such as names of doctors, client data and case management notes.

The security firm discovered the data on September 29th and alerted the healthcare authorities on October 5th. Although the bucket is now secured, Kromtech Security didn’t get any response from the firm.

Screenshots from the leaked data / Credit: Kromtech Security

Alex Kernishniuk, Kromtech’s VP of Strategic Alliances, commented on the leak: “This is yet another wake-up call for companies who try to bridge the gap between healthcare and technology to make sure cybersecurity is also a part of their business model.”

“This Amazon repository was misconfigured to be publicly available, and anyone with an internet connection could access these confidential medical records. Even the most basic security measures would have prevented this data breach.

“Unfortunately, there are many more databases and cloud storage repositories waiting to be discovered, and the Kromtech Security Center is committed to helping to secure and protect data online.”

It was just yesterday that other security researchers, from UpGuard, revealed that they had found 4 AWS buckets exposed to the public containing highly sensitive and critical data belonging to one of the world’s largest corporate consulting and management firms, Accenture, and its clients.

The healthcare industry is already vulnerable to cyber attacks. Especially after the return of Locky ransomware, pharmaceutical and medical firms should remain more vigilant and secure their data before malicious elements can get their hands on it.

Uzair Amir
