30 April 21, 09:44
(This post was last modified: 30 April 21, 09:48 by silversurfer.)
Quote:The Wyoming Department of Health (WDH) said on Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets.
The WDH said in a public advisory that an employee fumbled the health information of about 164,021 Wyoming residents and of people from other states as early as Nov. 5. The department learned about the data exposure on March 10. The 2020 census showed that Wyoming has about 577,000 residents, meaning that this spill affected about 25% of its population.
The publicly accessible information involved 53 sets of files. Besides COVID-19 and and influenza test results, the cache also contained a file with breathalyzer test results; names or patient IDs; addresses; dates of birth; and the dates when patients were tested. The COVID-19 test results weren’t just from tests taken in Wyoming and electronically uploaded. Test results could have also been performed anywhere in the US between January 2020 and March 2021.
As far as the breath alcohol tests go, the employee accidentally posted the results of 18,312 people – mostly from Wyoming but also from other states – who breathed into a tube for law enforcement in Wyoming as far back as April 19, 2012 and on up until Jan. 27, 2021.
The employee mistakenly uploaded all that to private and public online storage repositories in the cloud, where prying eyes roam as free as mustangs.
It’s far from the first time that we’ve seen developers (or whichever type of WDH employee goofed) fat-finger public health records like this.
In December, 45 million medical images were exposed online, freely left up for grabs for blackmailers, fraudsters or other criminals, due to unsecured technology that’s typically used to store, send and receive medical data. And last August, Dutch researcher Jelle Ursem found what he called the “Typhoid Mary of data leaks”: nine separate files of highly sensitive personal health information (PHI) from apps such as Office 365 and Google G Suite, from nine separate health organizations, leaked to GitHub, thanks to developer errors.
Read more: COVID-19 Results for 25% of Wyoming Accidentally Posted Online | Threatpost