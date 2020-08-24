BlueLeaks Exposed Some COVID-19 Patients’ IDs – Cybersecurity Experts Perspective

A South Dakota news site reveals that the June 2020 “BlueLeaks” massive data breach resulted in the exposed identities of the state’s citizens who tested positive for COVID-19: Massive data breach affects SD COVID-19 patients. In response, cybersecurity experts offer thoughts.

Chloé Messdaghi, VP of Strategy,  Point3 Security
August 24, 2020
Patient status data is particularly sensitive.
We don’t know how the attacker or group of attackers got into the data or what vulnerability was exploited, but it appears that resources and information that were easy to find online and that could've been tagged by anti virus software as malicious were used, so at least some of the websites were possibly out of date. This serves as yet another reminder that local and state websites – even if ....
Dan Piazza, Technical Product Manager,  Stealthbits Technologies
August 24, 2020
Users should only have access to the minimum amount of data required to perform their functions as an employee.
Protecting personal information is more important than ever as attackers become more sophisticated and data privacy regulations are enacted. Given the current pandemic, an individual’s COVID-19 status is likely to be one of the hottest personal information topics. This data breach was originally due to failure to properly secure the affected websites, as attackers used methods that are decades o ....
Saryu Nayyar, CEO,  Gurucul
August 24, 2020
The only bright spot to this revelation is the revealed information is largely time-sensitive, which somewhat reduces the impact.
Security breaches are the "Gift that keeps on giving" in the worst possible way. It should come as no surprise that there have been ongoing repercussions from the BlueLeaks breach in June. The revelation of some people's COVID-19 status in the database has only come to light now, but shows the depth of data revealed and the potential consequences that may not have been realized at the start. Th ....
