An ElasticSearch database that was left open to the internet exposed about 4.9 million data points of personal information. The information includes data on all rehab treatments and procedures, linked with patients names and other info. Justin Paine, director of trust and safety at Cloudflare, discovered that the database wasn t protected by any sort of authentication. Paine found that a single patient ID could have multiple rows of data for different medical procedures. The hosting provider of the database locked down the information, though the rehab center hasn’t responded yet.
Source: https://threatpost.com/medical-documents-addiction-patients-leaked/143993/