Connect with us

Hi, what are you looking for?

Tech & Science

Over a billion records belonging to CVS Health exposed online

A database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information, has been breached.

A CVS pharmacy in Southside Place, Texas — Image by WhisperToMe via Wikimedia / Public domain.
A CVS pharmacy in Southside Place, Texas — Image by WhisperToMe via Wikimedia / Public domain.

Security researchers have revealed the discovery of an online database belonging to CVS Health which exposed over a billion records online. The database was not password-protection and had no form of authentication in place to prevent unauthorized entry.

Upon examination of the database, the team found over one billion records that were connected to US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna.

The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information — such as whether visitors to the firm’s domains used an iPhone or Android handset — as well as what the team calls a “blueprint” of how the logging system operated from the backend.

In addition, the records contained search data from CVS.com and CVSHealth.com for both COVID-19 vaccines and medications, according to Forbes.

Commenting on this latest incident for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.

Rasiah  begin his analysis by singling out why healthcare has become a recurrent target: “Healthcare systems, entrusted with large amounts of information, must be hypervigilant in protecting all of the data they collect.”

Due to the value of data, relating to people, medical conditions, and their interactions with medical treatments, rogue actors have healthcare in mind. In addition, some rogue states may wish to simply disrupt another nation’s healthcare system.

Consequently, Rasiah finds: “Patient records, visitor sessions and logging information are all at risk. Leaving a database exposed without a password or authentication to prevent unauthorized entry is a surefire way to put this highly sensitive data in jeopardy.”

Many vulnerabilities are due to the configuration or mismanagement of cloud computing. According to Rasiah: “The complexity of cloud platforms means that without proper awareness of user access, any gap in security could leave the door open for cybercriminals to infiltrate.”

As to what can be done, Rasiah recommends: “To ensure data remain secure, a governance platform with the ability to provide real-time updates within the cloud landscape is vital. With holistic visibility into complex deployments, user access, and security guardrails in place to identify and remediate potential misconfigurations, healthcare organizations can properly secure and protect their patients’ information.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Speaking at the Innovation Week YYC Launch Party, Naheed Nenshi shared his vision for how Alberta can harness its innovation potential.

Life

COVID-19 pandemic did not lead to an excess in suicide mortality in 2020, that does not mean that the pandemic wasn't related, in some...

Tech & Science

Video game "Astro Bot" -- a family-friendly sci-fi adventure -- was named 2024's Game of the Year on Thursday - Copyright AFP Philip FONGVideo...