Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls. Dutch researcher Jelle Ursem discovered nine separate files of highly sensitive personal health information (PHI) from nine separate health organizations. The exposure went undetected for months because of negligent security policies at the companies in charge of the data, researchers said. Developers made errors including using hard-coded credentials in code instead of making them a configuration option on the server the code runs on.
Source: https://threatpost.com/medical-data-leaked-on-github-due-to-developer-errors/158653/