A cybersecurity researcher discovered an exposed Confidant Health database containing thousands of records such as personal identifiable information, psychosocial assessment documents, health insurance information, ID cards, and more. In total, the database contained 126,276 files (equivalent of 5.3 terabytes). A separate folder contained 1,755,571 logging records. Some of these files contain audio and video files.
The research indicates the database was not protected by a password. Therefore, this database could be accessed without a password via the internet. While not every document in the database was exposed, there is still a risk of malicious actors knowing file paths and storage details for additional patient information. Furthermore, the accessible files, viewable with just a web browser, contained private and sensitive information of patients.
Educational Webinars, Videos & Podcasts: Receive cutting-edge insights and invaluable resources, empowering you to stay ahead in the dynamic world of security.
Empowering Content: At your computer or on-the-go, stay up-to-date when you receive our eNewsletters curated with the latest technology and services that address physical, logical, cyber and enterprise resilience.
Unlimited Article Access: Dive deep into the world of cybersecurity and risk management leadership with unlimited access to our library of online articles.