A Huge Trove of Patient Data Leaks, Thanks To Telemarketers' Bad Security (zdnet.com)
"A trove of records containing personal and health information on close to a million people was exposed after a former developer working at a telemarketing company uploaded a backup of its database to the internet," writes ZDNet. An anonymous reader quotes their report:
The data contained personal and health-related information, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, health insurance information, and other data relating to the types of health problems the individuals have regarding the products they need, though many of the records were truncated or incomplete. An examination showed that the database was used to market products to thousands of customers by telemarketers at HealthNow -- no longer a registered business as of 2015. Several records we've seen included customized notes written by staff who were tasked with calling customers, such as when they are home and any other relevant information on the subject.
The database apparently lingered online for years in an AWS instance until it was discovered two weeks ago in search results from Shodan by a Twitter user calling himself Flash Gordon. Databreaches.net, which investigated the breach with ZDNet, believes this is a teachable moment. "Before you give your personal or health insurance information to telemarketers or firms that call to offer you supplies for diabetes or back pain or other conditions, think twice."
Thinking once is good enough. In fact, no thought is really required at all. The simple rule is: don't give your info to telemarketers. I mean, not that your regular medical establishments are any better.
“He’s not deformed, he’s just drunk!”
The problem is that these days you can't even hope to be in charge of your personal data. You are at the mercy of whoever you've already given your details to - be it your ISP, GP, optician or virtually anyone else. Checking the 'no marketing, please' checkbox doesn't do a damn thing - databases get leaked, companies get hacked and greedy CEOs may simply say "Screw the legal clause, we want more money, and we can pay legal fees and compensations off it and still come out with profit. If anyone dares to sue us, that is."
I personally only give my real details to government institutions or where it's otherwise strictly necessary. I invented a fake identity, with an independent e-mail address and a burner mobile number, that I provide to anyone else.
That's terrible. It's alarming to think that our sensitive personal data could fall into the hands of greedy, unscrupulous folks.
It's far from a joke. I work in pharmacy and personally know a pharmacist who had his license permanently revoked for accidentally tossing out a box of protected health information. It never made it out to the public, but was found by a store manager and reported.
As part of his agreement to not be fined $X/document, he agreed to never work as a pharmacist in this state, or any other.