Expert Commentary: Unsecured database exposes 3.1M+ patients’ data

Today, ethical security researcher Bob Diachenko published a write-up on his discovery of medical software company Adit’s insecure database containing more than 3.1M patients’ information. In his write-up, Diachenko notes how he discovered the exposed database on July 13 and proceeded to disclose the issue to the company, but did not receive a response. As a result, the data was destroyed and potentially stolen over a week later by a malicious bot.


EXPERTS COMMENTS
Casey Kraus, President of Cloud Security Management Provider, Senserva
August 13, 2020
Adit should be making their clients aware so they can inform the patients involved.
The breach of over 3 million individual records is a large deal that has major consequences for the people who likely do not know their personal information was jeopardized. An unsecured database that does not require a password or other authentication to access it is likely more common than we are led to believe. All of the people involved in this breach could have repercussions to their personal ....
Casey Ellis, CTO and Founder, Bugcrowd
August 12, 2020
Organizations across all industries can benefit from having a vulnerability disclosure program (VDP) in place.
This researcher’s discovery of Adit’s unsecured database and disclosure to the company is a textbook practice that ethical security researchers will do to help organizations proactively identify and close vulnerabilities before they can be exploited by bad actors. Unfortunately, Adit’s failure to respond to the researcher in time allowed a bot to delete and possibly steal the critical in ....
