Unsecured SkyMed Database Exposed PII Data Of 137K Individuals

Despite the repeated reports of data leaks from unprotected databases, organizations haven’t taken serious measures to protect their assets. Another Elasticsearch database exposed a huge amount of records publicly. This time, the source appears to be the medical emergency evacuation service SkyMed. The unsecured SkyMed database exposed personal and medical information of about 137,000 individuals.

Unprotected SkyMed Database Exposed Huge Records

As reported by the Security Discovery researcher Jeremiah Fowler, SkyMed has exposed a huge amount of records publicly. The unsecured SkyMed database allegedly leaked roughly 137K records including explicit personally identifiable details.

He stumbled upon an open Elasticsearch database that included records containing detailed information of the individuals. The exposed data precisely included PII data and, in some cases, medical information and notes too. As stated,

“Inside the database was each member’s file that included personally identifiable information and some accounts had medical information or notes about the user.”

Fowler found a total of 136, 995 records containing names, contact numbers, email address, home addresses, birth dates, and other account data in plain text. As per his findings, anyone could easily access, edit, download, or delete the data without hassle.

While he couldn’t verify the actual duration for which the database remained public, Fowler did find evidence hinting towards ransomware.

Leaky Database Taken Down

Fowler stated that he came across the leaky Elasticsearch database on March 27, 2019. Following his discovery, he reported it Skymed. While he received no response from the firm over this matter, he did confirm that the database no longer remains online.

SkyMed is a medical evacuation emergency service that ensures access and provision of treatment in the US to an ailing person on vacation or whilst traveling.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients