Misconfigured servers again the culprit…
What connects 800,000 blood donors in Singapore, a Californian medical software company and electronics and smartphone retailer Gearbest?
The answer is that all three have suffered significant data breaches in recent days owing to misconfigured and insecure servers.
California-based Meditlab Software Inc, which provides software to general practice offices, pharmacies and hospitals, was exposed after Dubai-based cyber security company SpiderSilk spotted a server holding over six million records in a password-free Elasticsearch database.
Exposed: a host of sensitive data such as blood test results, personally identifiable information and patient medical records. The data was contained within a sub-domain of a Puerto Rico-based server platform, MedPharm Services. Meditlab said it is in the process of reviewing its records and logs to understand “potential exposure.”
Next Up: Gearbest Shoppers and Singaporean Blood Donors…
In a second medical data breach, the personal information of over 800,000 blood donors in Singapore was exposed online for more than two months. The vulnerability was discovered by a cybersecurity researcher who alerted the authorities, but it is unclear who else had access to the data while it was viewable.
The Health Science Authority of Singapore released a statement blaming the vendor Secur Solutions Group Pte Ltd (SSG) for the breach, which exposed sensitive information such as donors’ names, blood types, heights, weights and the dates of their last three donations.
They stated that: “SSG had placed the information we provided them on an unsecured database in an internet-facing server on 4 Jan 2019 and failed to put in place adequate safeguards to prevent unauthorised access. This was done without HSA’s knowledge and approval, and was contrary to its contractual obligations with HSA.”
SSG has taken action to secure the data and enlisted cybersecurity experts from KPMG’s Singapore division to help it investigate the breach and limit the damage caused.
Next up was Gearbest, and, again, millions of shoppers and their orders were exposed through an unsecured Elasticsearch server. The server was reportedly not protected by a password and, despite assurances from the company that sensitive data is encrypted, most of the contents of the database were decidedly not.
The 1.5 million leaked customer records included customer details such as names and addresses, payment data such as payment types and payment information, and order data.
Stephen Gailey, Head of Solutions Architecture at Exabeam, said in an emailed comment: “Gearbest’s woes highlight a fundamental truth about information security – it doesn’t matter how good your technology is, in the end it will be let down by poor operational practices. Admittedly some technologies make it harder than others to get things right, but the reality is that operational teams either don’t understand security best practice or are given too little time and resource to follow them. What happened at Gearbest in terms of poor operational controls is happening across the world today and the next company to be in the news is probably being breached as we speak.”
Anurag Kahol, CTO at Bitglass added: “Throughout 2018 and 2019, misconfigurations have grown in popularity as an attack vector across all industries. This highlights the reality that organisations are struggling with limited IT resources and, consequently, are susceptible to careless and reckless mistakes like misconfigurations.”
“As such, companies must turn to flexible and cost-effective solutions that can help them to defend against data leakage. For example, leading cloud access security brokers (CASBs) provide cloud security posture management (CSPM), data loss prevention (DLP), user and entity behaviour analytics (UEBA), and other capabilities that can give an organisation confidence that its data is truly safe.”