Repository Blunder! GitHub Data Leak Incidents Impact Over 200,000 U.S. Patients

By CISOMAG - August 18, 2020

Netherlands-based ethical hacker Jelle Ursem, in association with Databreaches.net, uncovered nine data breach incidents at multiple health care providers. The incidents exposed the medical records of over 200,000 U.S. patients. In a security report, Ursem stated that the data leaks occurred after a developer exposed login credentials on the public software development platform GitHub. The GitHub repositories, which could be found with a few simple searches, included personally identifiable information (PII) and protected health information (PHI) of patients.

The nine U.S. entities affected in the incidents include Xybion, MedPro Billing, Texas Physician House Calls, VirMedica, MaineCare, Waystar, Shields Health Care Group, and AccQData; one entity is left unnamed.

Negligent Developers

Databreaches.net listed the common developer errors that cause data leaks:

  • Embedding hard-coded login credentials in code instead of making them a configuration option on the server the code runs on
  • Using public repositories instead of private repositories
  • Failing to use two-factor or multifactor authentication for email accounts
  • Abandoning repositories instead of deleting them when no longer needed

How to Avoid Leaks on GitHub

  • Forcing password changes periodically
  • Using 2FA or MFA for email accounts
  • Prohibiting the use of public repositories by your developers and requiring the use of private repositories
  • Prohibiting the use of hardcoded login credentials in repositories
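
One way to enforce the last item in a pre-commit hook or CI job, as an added example that is not from the report or from CISO MAG: a small Python check that flags literal credential assignments and URLs with an embedded user:password, while accepting values read from server-side configuration. The patterns, function name and sample text are assumptions constructed for illustration and are not exhaustive.

```python
import re

# Assumed patterns (illustrative, not exhaustive): key = "literal" assignments
# and URLs that embed user:password@host.
ASSIGNMENT = re.compile(
    r"""(?ix)
    \b(?P<key>[\w.-]*(?:password|passwd|pwd|secret|token|api[_-]?key)[\w.-]*)
    \s*[:=]\s*
    (?P<quote>["'])(?P<value>[^"']{4,})(?P=quote)
    """
)
URL_CREDS = re.compile(
    r"(?i)\b(?:s?ftp|https?|postgres(?:ql)?|mysql)://[^\s:/@]+:[^\s@/]+@"
)
# Values that point at configuration rather than being the secret itself.
PLACEHOLDER = re.compile(
    r"^(?:\$\{?\w+\}?|<[^>]+>|\{\{.*\}\}|changeme|example|x+|\*+)$", re.I
)


def find_hardcoded_credentials(text, path="<memory>"):
    """Return a list of (path, line_number, reason) for suspicious lines."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.search(line)
        if match and not PLACEHOLDER.match(match.group("value")):
            reason = f"literal value assigned to '{match.group('key')}'"
            findings.append((path, number, reason))
        elif URL_CREDS.search(line):
            findings.append((path, number, "URL with embedded user:password"))
    return findings


# Constructed sample: lines 2 and 3 hardcode credentials; line 4 references a
# variable and line 5 reads the secret from the server's environment, which is
# the configuration-option approach.
SAMPLE = '''import os
FTP_PASSWORD = "Summer2020!"
REPORT_URL = "sftp://billing:hunter2pass@files.example.org/export"
db_password = "${DB_PASSWORD}"
ftp_password = os.environ["FTP_PASSWORD"]
'''

if __name__ == "__main__":
    for path, number, reason in find_hardcoded_credentials(SAMPLE, "sample.py"):
        print(f"{path}:{number}: {reason}")
```

A finding should fail the commit or build; a credential that has already reached a public repository must also be rotated, since removing it from the current tree does not remove it from history.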

“It took Ursem less than ten minutes to find that yes, medical data had been exposed on GitHub — and a lot of it. Ursem uses variations on simple search phrases like ‘company name password’ (or in this case, ‘medicaid password FTP’) to quickly find potentially vulnerable hardcoded login usernames and passwords for systems. After identifying potential targets, Ursem just logs in with the front door key. It does not matter if the credentials Ursem finds relate to a database, an Office365 or Gmail account or a Secure File Transfer host. You just point the right software at it and hit connect. It really is that simple,” the report said.

“Once logged in to a Microsoft Office365 or Google G Suite environment, Ursem is often able to see everything an employee sees: contracts, user data, internal agendas, internal documents, emails, address books, team chats, and more,” the report added.

 
