Researchers have discovered an unprotected database that publicly uncovered 1000’s of medical prescriptions. The database leaked Vascepa prescriptions for over 78,000 sufferers. Furthermore, it additionally leaked the non-public particulars of those sufferers.
Vascepa Prescriptions Uncovered On-line
The vpnMentor hacktivist duo, Noam Rotem and Ran Locar, discovered one other leaky database as they proceed with their net mapping venture. This time, the unsecured database uncovered affected person information and medical prescriptions for a drug ‘Vascepa’. Vascepa is a complement treatment, manufactured by Amarin, for decreasing triglycerides.
Particularly, the duo found an unsecured MongoDB that leaked Vascepa prescriptions for over 78,000 sufferers. Alongside prescriptions, the publicly accessible database additionally uncovered personally identifiable data (PII) of the sufferers taking the drug. Furthermore, the researchers may additionally a second database having details about transactions.
As acknowledged within the vpnMentor blog post,
The information contains full figuring out data for the 78,000+ sufferers who take the treatment. A second database with transaction data was additionally accessible.
Concerning the leaked private data, it included sufferers’ full names, cell phone numbers, electronic mail addresses, and residential addresses. Whereas, the transaction information included pharmacies’ names and addresses, pharmacy ID, prescribing physician, prescribers’ medical license sorts, member ID, Nationwide Supplier Identifier (NPI) quantity, and NABP (Nationwide Affiliation of Boards of Pharmacy) E-Profile quantity.
Database Possession Remained Undetermined
Preliminary investigations relating to the unsecured database made researchers imagine that it belonged to ConntectiveRX. Although, they couldn’t deduce agency outcomes for the reason that database solely contained prescriptions for one drug solely.
We suspect the database might belong to ConnectiveRX, given the consistency of the tags within the information.
Nonetheless, ZDNet revealed that the agency denied the possession. In line with the assertion by ConnectiveRx CTO, David Yakimischak,
The database referenced within the current media article just isn’t a database that we preserve and even have entry to. We don’t use that database administration system in any respect for any of our applications.
Thus, the id of the database proprietor stays veiled.
Simply earlier than this report, the 2 researchers additionally highlighted information leakage via an open database belonging to XSocialMedia – a Fb promoting company. The incident additionally uncovered medical data relating to US veterans.
Tell us your ideas within the feedback.
