- Politics
- Diversity, equity and inclusion
- Financial Decision Making
- Telehealth
- Patient Experience
- Leadership
- Point of Care Tools
- Product Solutions
- Management
- Technology
- Healthcare Transformation
- Data + Technology
- Safer Hospitals
- Business
- Providers in Practice
- Mergers and Acquisitions
- AI & Data Analytics
- Cybersecurity
- Interoperability & EHRs
- Medical Devices
- Pop Health Tech
- Precision Medicine
- Virtual Care
- Health equity
5M Medicare Supplement Records Could Be Exposed to the Public
MedicareSupplement.com is using an unsecure, public database.
Last week, Inside Digital Health™ reported that the use of an unsecure database, MongoDB, could have put thousands of patients who use Vascepa at risk of attack. But more than one healthcare organization is using the public database to store data.
Comparitech and security researcher Bob Diachenko today said they uncovered that an online database of more than 5 million records belonging to MedicareSupplement.com was left open and accessible to the public.
The researchers are unaware if an unauthorized user gained access to the database.
MedicareSupplement.com is an insurance marketing website that helps users find supplemental medical insurance. Users must enter personal information to receive a quote.
Records included:
- Full name
- Address
- IP address
- Email address
- Date of birth
- Gender
- Marketing-related information such as clicks and landing pages
Approximately 239,000 records also indicated insurance interest area like cancer, life and auto.
Inside Digital Health™ made several attempts to speak to a spokesperson from Medicare Supplement but could not reach anyone.
Diachenko said there are ramifications of exposing databases such as MongoDB without a password or other authentication.
“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers,” he said. “The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges.”
When the malware is in place, criminals can remotely access server resources and launch a code to steal or destroy any saved data on the server.
Diachenko and Comparitech warn anyone who has used MedicareSupplement.com in the past to look out for medical identity theft and to learn how to spot phishing emails.
Get the best insights in digital health directly to your inbox.
Related
Phishing Emails Play on Our Fear of Failure
Hacking and Neglect Continue to Keep Healthcare in Danger
3 Trends Plaguing Healthcare Cybersecurity & How to Fight Them
Cybersecurity panel: How hospitals can protect their patients and their systems
November 18th 2024Chief Healthcare Executive® presents the final installment in our series, with experts from HIMSS, the American Hospital Association, and Providence. In this episode, our panel offers advice on how health systems can improve.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.
