An ethical hacker found 150,000 to 200,000 patients' records exposed on GitHub due to nine data leak incidents, according to Security Boulevard.
Four details:
1. The hacker, Jelle Ursem, released a report with DataBreaches that found data leaks associated with healthcare providers, a health plan and third-party vendors exposed thousands of patients' records. Just three of the nine entities patched the leaks after being notified about them.
2. The leaks occurred for several reasons, including: embedding hard-coded login credentials in code instead of making them a configuration option on the server the code runs on; using public repositories; not using two-factor authentication; and not deploying IP address whitelists.
3. In some cases the organizations didn't enforce password resets or provide a responsible disclosure mechanism.
4. The report named Glover, Mereacre and GnosticPlayers as threat actors misusing GitHub.
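As an added illustration of the first cause in item 2 (not part of the report or the original article), the Python sketch below contrasts credentials embedded in source with the same settings read from the server's environment, and flags the embedded form the way a pre-commit check might. The sample snippets, variable names, placeholder list and the find_hardcoded_secrets helper are all constructed for this example.

```python
import re

# Constructed sample: credentials embedded in source, the pattern item 2 describes.
HARDCODED = '''
DB_USER = "billing_app"
DB_PASSWORD = "Summer2020!"
api_token = 'constructed-token-0000'
'''

# Constructed sample: the same settings supplied by the server's configuration.
FROM_CONFIG = '''
import os
DB_USER = os.environ["DB_USER"]
DB_PASSWORD = os.environ["DB_PASSWORD"]
api_token = os.getenv("API_TOKEN")
'''

# A secret-looking name assigned a quoted string literal on one line.
SECRET_ASSIGNMENT = re.compile(
    r'''^\s*(?P<name>\w*(?:password|passwd|secret|token|api_?key)\w*)'''
    r'''\s*[:=]\s*(?P<quote>["'])(?P<value>.+?)(?P=quote)\s*(?:#.*)?$''',
    re.IGNORECASE,
)

# Literal values that are obviously not real secrets (assumed list).
PLACEHOLDERS = {"changeme", "<redacted>", "xxx"}


def find_hardcoded_secrets(source):
    """Return (line_number, variable_name) for each literal secret assignment."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = SECRET_ASSIGNMENT.match(line)
        if match and match.group("value").lower() not in PLACEHOLDERS:
            # Report only the location and name, never the secret itself.
            findings.append((number, match.group("name")))
    return findings


if __name__ == "__main__":
    for label, sample in (("hard-coded", HARDCODED), ("from config", FROM_CONFIG)):
        print(label, find_hardcoded_secrets(sample))
```

A credential that has already been pushed to a public repository remains in the commit history, so flagged values need to be rotated as well as removed.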
Copyright © 2024 Becker's Healthcare. All Rights Reserved.