An IT professional has discovered that the US healthcare company Health Stream left exposed online contact information for roughly 10,000 medics.
The IT expert Brian Wethern has discovered that the US healthcare company Health Stream left exposed online a database containing contact information for roughly 10,000 medics.
Wethern reported his discovery to Health Stream ten days ago, he explained that the data are hosted one of the websites that have been removed.
Records in the archive left open online includes last names of medics connected to Health Stream’s Neonatal Resuscitation Program, their email addresses, and ID numbers.
The site hosting the medics’ records was taken offline shortly after Wethern reported the data leak, but even if the website is no more accessible, leaked data are still available in different online caches.
Leaked data could be used by threat actors to launch a spear phishing campaign against medics at Health Stream.
“What I found was a front-side database,” Wethern told El Reg. “I don’t need their passwords … because I have the front-side database.”
Wethern decided to disclose the data leak to warn of the risks of such kind of incidents and highlight the importance of reserving a budget for cybersecurity of IT infrastructure.
“Hire a basic researcher, first and foremost. Allow your company to budget for these types of intrusions,” Wethern added.
“And before this all happens, make sure to have a data breach summary in place. Be current with bug bounty programs, own up to your mistakes, and honor the fact that security researchers can be good people out to do good things.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.