- A clinical research organization's database has been discovered exposed online
- The documents include personally identifiable information (PII)
- It is not clear whether criminals accessed the information
A data set belonging to a clinical research company was discovered publicly exposed online, without encryption or password protection.
Security researcher Jeremiah Fowler discovered the DM Clinical Research database containing 1,674,218 files, totaling 2 TB, including names, medical information, telephone numbers, email addresses, medications and health conditions, as well as other data that puts anyone exposed at risk of fraud, identity theft or social engineering attacks.
Although the name of the data set indicates that the details belong to DM Clinical Research, it is not clear whether it was held and managed by them directly or by a third party. Here is what we know so far.
Precious information
It is not known how long the database was exposed before the researcher sent a disclosure notice, but it was no longer accessible "a few hours" after the notice was sent. There is a chance that threat actors accessed the information, but only an internal forensic audit could determine that.
"Our team is currently examining the details of your findings to ensure quick and complete resolution," DM Clinical Research replied to the disclosure. "The protection of sensitive data is a cornerstone of our organization's operations, and we are committed to addressing any vulnerability in alignment with best practices and applicable laws and regulations."
Health care information is extremely sensitive and very valuable to threat actors. For this reason, health care organizations are heavily targeted by cyber attacks, in particular ransomware and data breaches, which is why data protection is so important in industries that hold personal information.
In 2024, a cyber attack led to the compromise of 190 million Americans' records, forcing some systems offline, and United Applications also suffered a ransomware attack which led to the leak of information on the dark web, underlining how attractive the industry is to criminals.
Serious consequences
This could be really harmful to patients, especially those with serious medical conditions that carry stigma, such as psychiatric conditions, HIV or cancer. If criminals access your medical information, they can build social engineering attacks by pretending to be a doctor, a health insurance company or a healthcare professional.
"Any public exposure of health-related information could have potentially serious implications. Although things like financial data and some PII can change over time, personal health histories do not," says Fowler.
For companies, there are measures you can take to protect your data so that your organization is protected. Security breaches can cost organizations millions, not only in direct costs, but in reputational damage with customers and business partners.
To make sure you store customer data safely, encryption software is incredibly important. Companies have a legal responsibility to protect their customer files, which means that unencrypted data sets could lead to legal action and financial loss.
Real-time threat monitoring and intrusion detection can also be essential tools, as can endpoint detection software, which works by scanning for intrusions and suspicious activity and alerting security administrators if something is found.
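The exposure described in this article, a data set reachable without any password, is exactly the kind of condition that access-log monitoring can catch early: successful reads of sensitive files by anonymous clients from outside the organization's network. The following script is an added example written for this article, not code from the researcher or from DM Clinical Research. It parses a handful of constructed access-log lines (the log format, IP ranges and paths are assumptions for illustration) and flags every successful anonymous read of a file under a sensitive prefix coming from a non-internal address, then summarizes the findings per client so an administrator can see the scale of the exposure.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample access log (not real data). One request per line:
#   client_ip  authenticated_identity("-" means anonymous)  "METHOD path"  status  bytes
SAMPLE_LOG = """\
10.0.4.12 svc-etl "GET /clinical/patients/p0001.pdf" 200 48211
203.0.113.77 - "GET /clinical/patients/p0002.pdf" 200 51022
203.0.113.77 - "GET /clinical/patients/p0003.pdf" 200 47790
198.51.100.9 - "GET /clinical/index.json" 200 9021
198.51.100.9 - "GET /clinical/patients/p0004.pdf" 403 0
10.0.4.13 dr.smith "GET /clinical/patients/p0005.pdf" 200 50112
203.0.113.77 - "GET /public/logo.png" 200 1203
"""

# Assumed internal address space and sensitive path prefixes for this example.
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_PREFIXES = ("/clinical/",)

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3}) (\d+)$')


@dataclass
class Finding:
    client_ip: str
    path: str
    size: int


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ip, ident, method, path, status, size = match.groups()
    return {
        "ip": ip,
        "ident": ident,
        "method": method,
        "path": path,
        "status": int(status),
        "size": int(size),
    }


def is_internal(ip_text):
    """True if the address falls inside one of the assumed internal networks."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable addresses are treated as external
    return any(addr in net for net in INTERNAL_NETWORKS)


def find_anonymous_external_reads(log_text):
    """Flag successful reads of sensitive files by anonymous, non-internal clients."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        anonymous = entry["ident"] == "-"
        sensitive = entry["path"].startswith(SENSITIVE_PREFIXES)
        succeeded = entry["status"] == 200
        if anonymous and sensitive and succeeded and not is_internal(entry["ip"]):
            findings.append(Finding(entry["ip"], entry["path"], entry["size"]))
    return findings


def summarize(findings):
    """Per-client request counts plus total bytes served without authentication."""
    per_client = Counter(f.client_ip for f in findings)
    total_bytes = sum(f.size for f in findings)
    return {"per_client": dict(per_client), "total_bytes": total_bytes}


if __name__ == "__main__":
    hits = find_anonymous_external_reads(SAMPLE_LOG)
    for hit in hits:
        print(f"ALERT anonymous external read: {hit.client_ip} -> {hit.path} ({hit.size} bytes)")
    print(summarize(hits))
```

The rejected request (status 403) and the read of a public asset are deliberately left out of the alerts, so the summary reflects only data that actually left the system without authentication; in a real deployment the same rule would feed an alert to the security team rather than print to the console.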
After a breach, it is important that companies are transparent in order to mitigate the damage. This helps preserve lasting consumer confidence and trust between your organization and its partners.
For people affected by a data breach, it is crucial to monitor financial accounts, bank statements and transactions for anything out of the ordinary.
Watch in particular for social engineering attacks such as phishing: with medical information in hand, criminals can pose as trusted professionals or, in the United States where health care costs can compromise your financial situation, take advantage of patients who may desperately need money.
Beware of unexpected communications, including unrecognized emails or telephone calls, and do not open any attachment that does not come from a 100% trusted source. Make sure to create a strong, secure password and do not reuse it, particularly for financial and health organizations.