A public database exposed more than 1 billion CVS Health records, according to a June 16 report by ABC News.
Four details:
- The unsecured data was discovered by cybersecurity researcher Jeremiah Fowler in late March. He swiftly alerted the company of the breach.
- CVS said the database was hosted by a third-party vendor. CVS will continue to utilize the vendor and is working toward preventing a recurrence, according to a news statement obtained by ABC News.
- Breach records did not include patient data, but Mr. Fowler said some of the information revealed in the searches could have been linked to someone's identity.
- "Some search entries included email addresses and should be a wake-up call for companies to ensure their data security is solid," he said. "There were certain times where individuals put their own email addresses into the search bar and then that correlated with a visitor ID and user ID, and then usually it showed what they searched for. So, hypothetically, you could have connected those three and figured it out."