.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Solution for Healthcare
Jan 8, 2021 10:39:14 AM
The target: Solution for Healthcare. a Vietnamese technology firm which provides software for electronic health records and hospital management.
The take: 12 million records of an estimated 80,000 patients and healthcare staff. The personally identifiable information included: full names, dates of birth, postal codes, email addresses, phone numbers, passport details, credit card numbers, and detailed medical records.
The attack vector: The data was initially exposed due to an unsecured Elasticsearch server the company maintained which had no monitoring or credential management. The lack of any security measures whatsoever led to the further development wherein the exposed database was attacked by a malicious, automated software script named Meowbot. This led to the deletion of an unspecified amount of information in the server.
Leaving databases exposed to the without any credential management impacts its confidentiality, integrity and availability. Furthermore, when vulnerable data is left wide open, other kinds of attacks which could make its recovery impossible are easily executed. Ensuring data is protected with the appropriate measures is critical for operational success.
