Quote:A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers.
The files were first discovered on April 18 by researcher Jeremiah Fowler, who found the database sitting exposed online without even basic password protection. Fowler said the files made several references to United Valor Solutions. United Valor is a North Carolina-based company which “provides disability evaluation services for the Veterans Administration and other federal and state agencies,” according to its site.
The exposed data included patient names, birth dates, medical information, contact information and even doctor information and appointment times, all of which could be used in socially engineered attacks, Fowler explained. The database also exposed unencrypted passwords and billing details.
“The database was set to open and visible in any browser (publicly accessible) and anyone could edit, download or even delete data without administrative credentials,” Fowler said about his findings.
He added to Threatpost, “This finding is sensitive based on the HIPAA implications and the fact that these are Veterans trying to obtain disability benefits. ”
After disclosing the findings to United Valor, Fowler said he received a reply the next day thanking him and adding, “We communicated your findings to our contractors, and they shut down this public data access immediately.”
Read more: 200K Veterans’ Med Records Likely Stolen by Ransomware Gang | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
