Slashdot Mirror


Private Medical Data of Over 1.5 Million People Exposed Through Amazon

Gizmodo reports that a wide variety of information about 1.5 million people -- everything from police injury reports, doctor's notes about their patients, and social security numbers -- "all were inexplicably unveiled on a public subdomain of Amazon Web Services. Welcome to the next big data breach horrorshow. Instead of hackers, it's old-fashioned neglect that exposed your most sensitive information." From the article: Tomorrow, [Texas-based researcher Chris Vickers, who discovered the breach] will turn over the data to the Texas Attorney General, where it will be destroyed. But that doesn’t mean Systema is in the clear. Vickers may not be the only person who downloaded those millions of records as they sat out in the Amazon cloud. We don’t know how long the information was available for everyone to see. But no matter what the timeframe, the neglect could be a HIPAA violation: Systema failed to protect the security of patients’ electronic medical information.

3 of 106 comments

  1. Not really related to Amazon. by Anonymous Coward · Score: 5, Informative

    Should probably be pointed out that this has nothing to do with Amazon other than it was their web hosting used.

  2. Amazon? by bondsbw · Score: 5, Informative

    So Systema is at fault for not securing the data, but the headline pins it on Amazon?

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    1. Re:Amazon? by Cyberax · Score: 4, Informative

      Actually, Amazon _is_ suitable for medical data. It complies with all the HIPAA regulations and can sign a BAA with an organization willing to use Amazon services for sensitive data ( https://aws.amazon.com/ru/comp... ).

      Of course, nothing can prevent a clueless operator from putting data on a publicly accessible share.