• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

5M Medicare Supplement Records Could Be Exposed to the Public

Article

MedicareSupplement.com is using an unsecure, public database.

cybersecurity

Last week, Inside Digital Health™ reported that the use of an unsecure database, MongoDB, could have put thousands of patients who use Vascepa at risk of attack. But more than one healthcare organization is using the public database to store data.

Comparitech and security researcher Bob Diachenko today said they uncovered that an online database of more than 5 million records belonging to MedicareSupplement.com was left open and accessible to the public.

The researchers are unaware if an unauthorized user gained access to the database.

MedicareSupplement.com is an insurance marketing website that helps users find supplemental medical insurance. Users must enter personal information to receive a quote.

Records included:

  • Full name
  • Address
  • IP address
  • Email address
  • Date of birth
  • Gender
  • Marketing-related information such as clicks and landing pages

Approximately 239,000 records also indicated insurance interest area like cancer, life and auto.

Inside Digital Health™ made several attempts to speak to a spokesperson from Medicare Supplement but could not reach anyone.

Diachenko said there are ramifications of exposing databases such as MongoDB without a password or other authentication.

“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers,” he said. “The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges.”

When the malware is in place, criminals can remotely access server resources and launch a code to steal or destroy any saved data on the server.

Diachenko and Comparitech warn anyone who has used MedicareSupplement.com in the past to look out for medical identity theft and to learn how to spot phishing emails.

Get the best insights in digital health directly to your inbox.

Related

Phishing Emails Play on Our Fear of Failure

Hacking and Neglect Continue to Keep Healthcare in Danger

3 Trends Plaguing Healthcare Cybersecurity & How to Fight Them

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
Related Content
© 2024 MJH Life Sciences

All rights reserved.