- The data set of a clinical research organization has been discovered online
- Documents include personal identification information (PII)
- It is not clear if criminals have accessed the information
A data set belonging to a clinical research firm has been discovered exposed online without encryption or password protection.
Security researcher Jeremiah Fowler discovered the DM Clinical Research database containing 1,674,218 records, totaling 2TB, including names, medical information, telephone numbers, email addresses, medications and health conditions, together with other data that would put anyone exposed at risk of fraud, identity theft or social engineering attacks.
Although the name of the data set indicates that the details belong to DM Clinical Research, it is not clear whether it was owned and managed by the company directly or by a third party. This is what we know so far.
Valuable information
It is not clear how long the database was exposed before the researcher sent a disclosure notice, but it was no longer accessible “within a few hours of sending the notice.” There is a possibility that threat actors accessed the information, but only an internal forensic audit could determine this.
“Our team is currently reviewing the details of its findings to guarantee a quick and comprehensive resolution,” DM Clinical Research said in response to the disclosure. “Protecting confidential data is a cornerstone of the operations of our organization, and we are committed to addressing any vulnerability in alignment with best practices and applicable laws and regulations.”
Healthcare information is extremely sensitive and very valuable to threat actors. Because of this, healthcare organizations are being hit by cyberattacks, especially ransomware and data breaches, which is why data protection is so important in industries that hold personal information.
In 2024, a cyberattack led to the compromise of 190 million Americans, forcing some applications offline, and UnitedHealth also suffered a ransomware attack that resulted in customer information being leaked on the dark web, highlighting how attractive the industry is to criminals.
Serious consequences
This could be truly harmful to patients, especially those with serious medical conditions that can carry stigma, such as psychiatric conditions, HIV or cancer. If criminals access their medical information, they can build social engineering attacks in which they pose as a doctor, a health insurance company or a medical professional.
“Any public exposure of health-related information could have potentially serious implications. While things like financial data and some PII can change over time, personal health records,” says Fowler.
For companies, there are steps you can take to protect your data and your organization. Security breaches can cost an organization millions, not only in direct costs but also in reputational damage with customers and business partners.
To ensure customer data is stored safely, encryption software is incredibly important. Companies have a legal responsibility to protect their customer records, which means that unencrypted data sets could lead to legal action and financial losses.
Real-time threat and intrusion detection can also be a vital tool, such as endpoint detection software, which works by scanning for intrusions and suspicious activity and alerting security administrators if something is found.
After a breach, it is important that companies be transparent to mitigate the damage. This will ensure lasting consumer trust and confidence between the organization and its partners.
For people affected by a data breach, it is crucial to monitor financial accounts, bank statements and transactions to look for anything out of place.
It is especially important to be alert to social engineering attacks such as phishing: with medical information, criminals can pose as trusted professionals or, in the United States, where medical care can compromise a patient's financial situation, take advantage of patients who may desperately need money.
Be wary of unexpected communications, such as emails or phone calls from unrecognized senders, and do not open any attachment that does not come from a 100% reliable source. Be sure to create a strong and secure password, and do not reuse it, especially for financial and health organizations.