Misconfigured Database Leaks 880 Million Medical Records
Researchers have found an unsecured database leaking over 886 million sensitive patient records online.
The non-password-protected data trove was found by Jeremiah Fowler and Website Planet and traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu promptly after it was responsibly disclosed.
Deep 6 AI applies intelligent algorithms to medical data to help find patients for clinical trials within minutes.
The exposed data included date, document type, physician note, encounter IDs, patient ID, note, UUID, patient type, note ID, date of service, note type, and detailed note text.
The notes and physician information were stored in plain text, meaning anyone who discovered the database could have accessed intimate details of patient illnesses. Patient IDs were encrypted, but it’s unclear how strongly. That encryption would make it harder for opportunistic cyber-criminals to unmask the victims.
However, if they were able to do so, the 68.5GB database would seem to offer plenty of information to use in possible extortion attempts or to sell on the dark web. According to Fowler, scammers could also have used the info to target doctors.
“During the pandemic doctors and nurses have been in close