The IT expert Brian Wethern has discovered that the US healthcare company Health Stream left exposed online a database containing contact information for roughly 10,000 medics.
Wethern reported his discovery to Health Stream ten days ago, he explained that the data are hosted one of the websites that have been removed.
Records in the archive left open online includes last names of medics connected to Health Stream’s Neonatal Resuscitation Program, their email addresses, and ID numbers.
The site hosting the medics’ records was taken offline shortly after Wethern reported the data leak, but even if the website is no more accessible, leaked data are still available in different online caches.
Leaked data could be used by threat actors to launch a spear phishing campaign against medics at Health Stream.
“What I found was a front-side database,” Wethern told El Reg. “I don’t need their passwords … because I have the front-side database.”
Wethern decided to disclose the data leak to warn of the risks of such kind of incidents and highlight the importance of reserving a budget for cybersecurity of IT infrastructure.
“Hire a basic researcher, first and foremost. Allow your company to budget for these types of intrusions,” Wethern added.
“And before this all happens, make sure to have a data breach summary in place. Be current with bug bounty programs, own up to your mistakes, and honor the fact that security researchers can be good people out to do good things.”
Health Stream did not comment the data leak.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Health Stream, data leak)
[adrotate banner=”5″]
[adrotate banner=”13″]
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on…
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and…
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams…
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading…
Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to…
Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a…
This website uses cookies.