Health Stream left exposed online a database containing contact data for roughly 10,000 medics

Haythem Elmir
0 1
Read Time1 Minute, 26 Second

An IT professional has discovered that the US healthcare company Health Stream left exposed online contact information for roughly 10,000 medics.

The IT expert Brian Wethern has discovered that the US healthcare company Health Stream left exposed online a database containing contact information for roughly 10,000 medics.

Wethern reported his discovery to Health Stream ten days ago, he explained that the data are hosted one of the websites that have been removed.

Records in the archive left open online includes last names of medics connected to Health Stream’s Neonatal Resuscitation Program, their email addresses, and ID numbers.Health Stream

The site hosting the medics’ records was taken offline shortly after Wethern reported the data leak, but even if the website is no more accessible, leaked data are still available in different online caches.

Leaked data could be used by threat actors to launch a spear phishing campaign against medics at Health Stream.

“What I found was a front-side database,” Wethern told El Reg. “I don’t need their passwords … because I have the front-side database.”

Wethern decided to disclose the data leak to warn of the risks of such kind of incidents and highlight the importance of reserving a budget for cybersecurity of IT infrastructure.

“Hire a basic researcher, first and foremost. Allow your company to budget for these types of intrusions,” Wethern added.

“And before this all happens, make sure to have a data breach summary in place. Be current with bug bounty programs, own up to your mistakes, and honor the fact that security researchers can be good people out to do good things.”

 

To read the origianal article:

https://securityaffairs.co/wordpress/71669/data-breach/health-stream-data-leak.html

 

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Laisser un commentaire

Next Post

SunTrust unfaithful employee may have stolen data on 1.5 Million customers

SunTrust Banks Inc announced it discovered that a former employee may have attempted to download information on nearly 1.5 million clients and share it a criminal organization. A former employee at the SunTrust Bank may have stolen data on 1.5 million clients,  including names, addresses, phone numbers, and account balances. “The […]