Unsecured SkyMed Database Exposed PII Data Of 137K Individuals

  • 1

Despite the repeated reports of data leaks from unprotected databases, organizations haven’t taken serious measures to protect their assets. Another Elasticsearch database exposed a huge amount of records publicly. This time, the source appears to be the medical emergency evacuation service SkyMed. The unsecured SkyMed database exposed personal and medical information of about 137,000 individuals.

Unprotected SkyMed Database Exposed Huge Records

As reported by the Security Discovery researcher Jeremiah Fowler, SkyMed has exposed a huge amount of records publicly. The unsecured SkyMed database allegedly leaked roughly 137K records including explicit personally identifiable details.

He stumbled upon an open Elasticsearch database that included records containing detailed information of the individuals. The exposed data precisely included PII data and, in some cases, medical information and notes too. As stated,

“Inside the database was each member’s file that included personally identifiable information and some accounts had medical information or notes about the user.”

Fowler found a total of 136, 995 records containing names, contact numbers, email address, home addresses, birth dates, and other account data in plain text. As per his findings, anyone could easily access, edit, download, or delete the data without hassle.

While he couldn’t verify the actual duration for which the database remained public, Fowler did find evidence hinting towards ransomware.

Leaky Database Taken Down

Fowler stated that he came across the leaky Elasticsearch database on March 27, 2019. Following his discovery, he reported it Skymed. While he received no response from the firm over this matter, he did confirm that the database no longer remains online.

SkyMed is a medical evacuation emergency service that ensures access and provision of treatment in the US to an ailing person on vacation or whilst traveling.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!