Data Leak Exposes Over Five Million Patients in Mexico: Cybernews Discovery

Over five million patients in Mexico are facing a potential risk after a data leak from hospital information systems due to a missing password. The Cybernews research team uncovered a misconfigured Kibana instance on August 26th, which stored a massive amount of patient data, including names, ethnicities, nationalities, religions, blood types, dates of birth, genders, phone numbers, email addresses, Mexican personal identification numbers (CURP), healthcare service charges, hospitals visited, and payment request descriptions.

The leaked database exposed 5.3 million individuals in Mexico, approximately 4% of the country’s population. The open instance was attributed to eCaresoft Inc., a Texas-based software company that operates cloud-based Hospital Information Systems. Although the leak did not include health records, the leaked CURP numbers pose a significant risk as they could be used for identity theft and fraud.

Cybercriminals could exploit this data for various illegal activities, including insurance fraud, unauthorized transactions, and identity theft. The leaked information could also be used for phishing attacks and blackmail schemes. eCaresoft responded by stating that the leaked data was from a test instance with anonymized and randomly generated test data, not real patient information.

This incident highlights the importance of securing sensitive data and the potential risks posed by unintentional data leaks. Companies must prioritize cybersecurity practices to prevent such incidents in the future. Cybernews research has shown that data leaks due to unsecured databases are a common issue, emphasizing the need for proactive measures to safeguard personal information.