Intsights Found a Huge Number of Open and Misconfigured Healthcare Databases in the Cloud

Intsights, an enterprise threat management platform provider, conducted a survey which revealed that an alarming number of medical databases are freely accessible on the web due to misconfigured settings and a lack of authentication.

The primary reason hackers target healthcare organizations is the value of patient information. Healthcare information may be used for nefarious purposes such as tax fraud and medical identity theft. It also has a long lifespan and can be used for much longer than credit card data. If databases and other data repositories are not protected, it is only a matter of time before they are found and plundered by hackers.

Cloud service providers offer the required safety features to keep sensitive data secure, but those security measures must be configured properly. Transferring data to the cloud increases the attack surface and a large percentage of healthcare providers haven’t effectively mitigated risk. The use of the cloud is not the problem per se. The problem is the lack of process, training, and cybersecurity guidelines. It is not only the healthcare sector that leaves data exposed online. Other industries also experience the same problems, but healthcare companies face higher risks because hackers are targeting them and their data are more valuable.

The Intsights report stresses that vulnerable healthcare databases are targeted by hackers because the data they contain are more useful and valuable. Accessing those databases is also simple in many cases.

For the study, Intsights looked at two technologies frequently used for handling medical information along with several popular, commercially available databases. The researchers wanted to show just how easy it is to find healthcare data. There’s no need for any hacking technique to find exposed information. It can be done using only Google and Shodan searches, intelligent guesses, technical documents, and subdomain enumeration.

After 90 hours, the researchers found that 15 out of 50 databases were exposed. Those databases contained 1.5 million health records. That means 16,667 medical records were found by the researchers every hour. If a medical record is valued at $1 on the black market, a full-time hacker could potentially generate $33 million every year. According to Intsights, about 30% of healthcare databases are freely available on the web.

The Intsights researchers found accessible Elasticsearch databases through Shodan searches. One database contained 1.3 million medical records of patients. The database was created by a large medical clinic in a European capital city. The researchers likewise found a misconfigured MongoDB database used by a Canadian healthcare company.

In addition to databases, the researchers spotted one healthcare firm using vulnerable SMB services, even though the vulnerability was exploited in the 2017 WannaCry attacks. There was also one U.S. hospital using an open FTP server. FTP servers typically keep records and backup data and stay open to facilitate backup to a remote site. The researchers guessed that this was due to a backup process that had been left open, and that the hospital probably wasn’t aware that the data were accessible.