CYBER SECURITY ENTHUSIAST

A company based in Utah, called Premier Diagnostics was storing sensitive data belonging to its customers on a publicly accessible server.
Premier Diagnostics is a COVID-19 testing facility for individual patients, clinics, schools, and businesses, that serves primarily residents of Utah.

The researchers at Comparitech, the company that found the vulnerability, are saying that the negligence could lead to a potential data breach for over 50,000 customers.

This data could be in anyone’s hands now.
So, your ID and your medical card are probably somewhere on the dark web.

Source

What data could’ve been leaked?

For the customers to get tested for COVID-19, they must submit front and back pictures of their insurance ID cards and other identification documents like driver’s licenses, passports, or other forms of ID. The company was taking a photo, front and back of their ID, and a photo of the front and back of their medical insurance card.

Source

How could this data be accessed by hackers?

They had stored all that data on a server that was publicly accessible online without a password.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

It looks like everyone with the right know-how could access all of the personal and private data with minimal effort, but for the time being, it’s unknown if any malicious parties got their hands on the sensitive data.

We don’t know for sure that any malicious parties got to it, but we’ve run honeypot experiments before where we see activity on that sort of unsecured data within a matter of hours.
It took them a few days to get it secured.

Source

The issue was discovered by a researcher, who is in charge of scanning the internet for unsecured databases, on the 22nd of February, the data was then secured on March 1st, which means that the sensitive content was exposed for almost a whole week.

It’s low-hanging fruit; it’s really easy.
They use the same tools that we do, that we use to find the database in the first place, they use the same tools to find it and steal it.

Source

Luckily it looks like no payment information was associated with the data existing in the database, but consistent with the type of data the threat actors allegedly could have extracted, an SQL injection is probably the way in which they could get the informations.

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP