An ethical hacker found 150,000 to 200,000 patients' records exposed on GitHub due to nine data leak incidents, according to Security Boulevard.
Four details:
1. The hacker, Jelle Ursem, released a report with DataBreaches finding that data leaks associated with healthcare providers, a health plan and third-party vendors exposed thousands of patients' records. Just three of the nine entities patched the leaks after being notified about them.
2. The leaks occurred for several reasons, including: embedding hard-coded login credentials instead of making them a configuration option on the server the code runs on; using public repositories; not using two-factor authentication; and not deploying IP address whitelists.
3. In some cases the organizations didn't enforce password resets or provide a responsible disclosure mechanism.
4. The report named Glover, Mereacre and GnosticPlayers as threat actors misusing GitHub.