Neglect Exposes Private Medical Files
October 28, 2015
Data such as financial information and medical files are supposed to be protected behind secure firewalls and barriers that ensure people’s information does not fall into the wrong hands. While digital security is at the best it has ever been, sometimes a hacker does not to rely on his/her skills to get sensitive information. Sometimes all they need to do is wait for an idiotic mistake, such as what happened on Amazon Web Services wrote Gizmodo in “Error Exposes 1.5 Million People’s Private Records On Amazon Web Services.”
Tech junkie Chris Vickery heard a rumor that “strange data dumps” could appear on Amazon Web Services, so he decided to go looking for some. He hunted through AWS, found one such dump, and it was a huge haul or it would have been if Vickery was a hacker. Vickery discovered it was medical information belonging to 1.5 million people and from these organizations: Kansas’ State Self Insurance Fund, CSAC Excess Insurance Authority, and the Salt Lake County Database.
“The data came from Systema Software, a small company that manages insurance claims. It still isn’t clear how the data ended up on the site, but the company did confirm to Vickery that it happened. Shortly after Vickery made contact with the affected organizations, the database disappeared from the Amazon subdomain.”
The 1.5 million people should be thanking Vickery, because he alerted these organizations and the data was immediately removed from the Amazon cloud. It turns out that Vickery was the only one to access the data, but it begs the question what would happen if a malicious hacker had gotten hold of the data? You can count on that the medical information would have been sold to the highest bidder.
Vickery’s discovery is not isolated. Other organizations are bound to be negligent in data and your personal information could be posted in an unsecure area. How can you get organizations to better protect your information? Good question.
Whitney Grace, October 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph