Wednesday, June 29, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home News

Worldwide Leaks Puts over 80,000 Nigerians Medical Data at Risk

Cybersecfill by Cybersecfill
October 28, 2019
in News
0
80,000 Nigeria medical data at risk
Share on FacebookShare on Twitter

80,000 people who participated  in the Nigeria HIV/AIDS Indicator and Impact Survey (NAIIS) in 2018 may have been compromised.

A cybersecurity firm ” WizCase” released lists of medical websites across the world whose database servers are insecure. Wizcase finds it troubling as medical data are very sensitive and should be kept private.

All databases were found to be unsecured as experts do not need password to access information leaving millions of patients and medical staff members exposed.

The research leader Avishai Efrat discovered nine unsecured medical databases in countries such as Saudi Arabia, Brazil, Canada, China, the United States, France and Nigeria. Although they vary in each particular case.

Data leak the medical history
Source: Wizcase

According to information security experts, because most are services provided by third parties, it is likely that the people affected do not even know that their data is in the hands of these companies. Whether we are aware or not, the security risks are real; these risks include widely known practices such as phishing, extortion email campaigns, phone and email fraud, and identity theft.

Information security experts were able to establish a detailed profile with regards to the company operating the databases.

What was affected in Nigeria?

All results of the 2018 HIV/AIDS Indicators and Impact Survey were exposed in the African country. In total, the database consists of 1 GB, equivalent to about 80 thousand records.The data leak included facility and hospital names; patients’ pregnancy status; laboratory results code and value; patients’ age; HIV validation first test date and time; HIV encounter data; medical observations of anonymous people taking the survey; etc.

This survey was made of 88,775 randomly-selected households in Nigeria, counting approximately 168,100 participants, ages 15-64 years and children, ages 0-14 years.

Other Countries affected are:

  • Saudi Arabia: Health-applying software company Stella Technology exposed more than 4 GB of information belonging to nearly 300k patients, including multiple personal details, on an Elasticsearch server
  • Brazil: The database exposed in Brazilian territory, operated by the company Biosoft Medical Software, has 3 GB of information, equivalent to almost 1.2 million records belonging to patients throughout the country
  • Canada: In the case of Canada, the company involved is Dental Software, with its ClearDent solution. In this case, an 8 MB database, equivalent to nearly 60k exposed patients, was discovered on an Elasticsearch server
  • China: Tsinghua University Faculty of Medicine exhibited a database of 650 MB, equivalent to 60k patient records from Tsinghua University Hospital and other medical centers in various Chinese cities
  • United States: Deep Think Health, a company that provides a machine learning platform for the medical industry, exposed a 2.8 GB database, representing more than 700k records of patients and medical staff on an Elasticsearch server. The most sensitive cases involve the exposure of diagnoses and treatment of cancer patients
  • France: The involved company in French territory is Essilor, dedicated to the design and manufacture of ophthalmological devices. The compromised database consists of 5.7 GB, including details of thousands of patients, optometrists and employees from various areas of the company.

“Some of these databases are from 3rd party companies that provide data management and insight for medical institutions. “Unfortunately, they might not understand the possible implications of handling sensitive data insecurely online.

According to Wizacse, “In addition to an invasion of privacy, there are several dangers that could occur should a scammer or hacker obtain some of the data which was exposed in the medical breaches”

Implication Of the Data leaks

Identity Theft:

With so much personal identifiable information out there such as name,date of birth, address e.t.c , scammers can still ones identity

Phishing Scams

Since many of these leaks included an email address and some PIIs, a skilled scammer had enough information to write a believable email with a harmful link in it. Whether they reference the type of medication you’re on, the hospital you’re visiting, or the disease you’re suffering from it would instantly be seen as credible due to the belief of privacy.

Phone Scams

Much like the email phishing scams, once a skilled scammer has your phone number and enough private information, they will be able to devise a credible sounding scam to take advantage of unsuspecting victims. They especially seek out sick and vulnerable “marks” for their scams because they are more likely to believe a caller with some details about their condition. These leaks gave the scammers an entire database of targets to victimize.

Blackmail

Scammers can use the personal information from the data leak to blackmail patients who want to keep their illness or the medicine they are taking a secret. Revealing it could threaten their jobs, family life, and financial security.

Fraud

Scammers can use the information they collected, such as unedited photos of drug prescriptions, and reproduce the details for fraudulent activities. They can also pretend to be one of the patients in the database and use the information they found to commit fraud.

Data leaks such as this shows how little we have control over our personal information.It is important to  note that your personal information may be out there and cyber criminals will use this to build trust by posing from a legitimate entity to get more information from you Never trust any caller regardless of who or what they identify themselves at.

Tags: cybersecurityData breachData leakNigeria
Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog.

Next Post
2.59 Million Credit Card Transactions Exposed in Nigeriaxposed

2.59 Million Credit/Debit Card Transactions Exposed by Electronic Settlements Limited

  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Getting Started in Cybersecurity – Fundamentals You Should Not Miss.

Getting Started in Cybersecurity – Fundamentals You Should Not Miss.

5
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

Privacy Policy - Terms and Conditions