The University of Chicago Medicine scrambled to secure a database containing information on patients as well as existing and potential financial donors, after a researcher discovered that a misconfiguration left nearly 1.68 million records exposed to the public.
Bob Diachenko, cyber threat intelligence director at Security Discovery, said in a June 3 company report that he found the open Elasticsearch database on May 28 while using the Shodan search engine. The 34GB cluster, named “data-ucmbsd2,” reportedly contained 1,679,993 records with information that included individuals’ names, birth dates, addresses, phone numbers, email addresses, genders, marital statuses, and financial status, as well as communication notes.
Certain records also contained the names and clinical areas of physicians who treated patients listed in the database, UChicago Medicine acknowledged in its own June 3 press release. However, the database did not include information from patients’ medical records, nor did it hold financial information or Social Security numbers, the school asserted.