Skip to main content
  1. Home
  2. Computing
  3. News

A simple password mistake led to 5.3 million leaked health records

By

Cybernews reports its research teams found a 500GB unprotected database of a Mexican health care company on August 26, 2024. The database exposes sensitive information such as names, personal identification numbers (CURP), phone numbers, descriptions of payment requests, and more.

The total amount of affected people adds up to 5.3 million, making up approximately 4% of the country’s population, as Cybernews notes. The Cybernews report indicates that the security mistake occurred with a “misconfigured” use of a data visualization tool called Kibana, which appears to have been left unauthenticated.

Recommended Videos

The massive volume of data was later credited to Ecaresoft, a Texas-based software company behind cloud-based Hospital Information Systems such as Anytime and Cirrus. More than 30,000 doctors, 65 hospitals, and 110 outpatient care centers use Ecaresoft services to manage tasks such as appointment booking, medicine management, inventory management, and more.

Other stolen data includes ethnicities, nationalities, religions, blood types, dates of birth, gender, email addresses, the amount charged for health care services, and the hospitals visited. This time around, threat actors are not to blame as the cause. There is no official information about whether the affected users are aware of the situation or how long the database (now taken down) was up and running.

The affected users’ health records were not taken, but with their Mexican government identification (equivalent to the U.S. Social Security number) at risk, they are exposed to wire fraud and phishing (among other things). The company has yet to release a statement about the unprotected data, but hopefully, we’ll hear something official soon. When data is left unprotected, it can be indexed by search engines and taken by threat actors who are constantly scanning the internet for these types of unprotected files.

While those in the U.S. don’t need to worry about their personal information being compromised in this instance, it shows just how important password security is. An easy-to-guess password makes you as vulnerable as no password at all. Another one of the worst password mistakes in the past decade was Equifax, the 2017 data breach that, due to using “admin” as their password, made it easy for hackers to steal their data.

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
‘Massive copyright violation’ threatens one of the world’s hottest AI apps
Perplexity on Nothing Phone 2a.

Perplexity bills itself as an AI-empowered direct alternative to Google.

Whereas Google operates a search engine, Perplexity aims to operate an AI answer engine that allows users to "ask any question." It then "searches the internet to give you an accessible, conversational, and verifiable answer," per the company FAQ. If that sounds like an AI-enhanced version of search, you'd be right.

Read more
Arm threatens to cancel Qualcomm’s chip design license
The Surface Laptop 7th Edition on a white table.

Bloomberg has reported that chip architecture company Arm Holdings PLC is terminating its licensing agreement with Qualcomm Inc., and has sent the U.S. firm a 60-day cancellation notice. If the cancellation goes through, Qualcomm could be forced to stop selling Arm-based chips -- which includes the majority of its smartphone chips and the new Snapdragon chips used in Copilot+ PC lineup.

The two companies have been caught in a legal dispute for multiple years now. It started in 2021 when Qualcomm acquired the chip design company Nuvia (started by former Apple employees who worked on the M1 chip). The disagreement centers around Nuvia's licensing agreements with Arm and whether Qualcomm's acquisition of these licenses violated Arm's terms of agreement. Arm wants the licensing terms to be renegotiated now that Nuvia is under new ownership, while Qualcomm argues that renegotiation isn't necessary.

Read more
OLED monitors are about to get a ‘comprehensive breakthrough’ in image quality
A color splash on the LG UltraGear Dual Mode OLED.

TCL is best known for making TVs, but the company is eyeing a slot among the best gaming monitors with its new OLED tech. During the Omdia Korea Display Conference, the company highlighted "comprehensive breakthroughs in image quality, power consumption, and lifespan" for OLED monitors and laptops utilizing its new inkjet-printed OLED displays, as reported by Flat0anelsHD.

Inkjet-printed OLED, or IJP OLED, sounds a little ridiculous, but it's tech we've known about for close to a year. Current OLED production is problematic, according to OLED-Info, with deposits of the organic commands used for OLED displays introducing contaminants into the panel. This reduces the yield, but according to TCL, its new IJP OLED process can lead to not only higher yields, but also improvements in image quality.

Read more