A non-password-protected database containing over 17 billion information was uncovered.
The leaked information included healthcare supplier data, corresponding to names, addresses, and call numbers.
The leaked information additionally included negotiated charges for medical procedures.
The info leak was brought on by a safety lapse at Cigna Well being.
Cigna Well being has taken steps to safe the database and is investigating the incident.
Cybersecurity researcher Jeremiah Fowler has unearthed a regarding incident involving a non-password-protected database containing over a staggering 17 billion information. The intensive information have been traced again to Cigna Well being, a significant participant within the medical health insurance business. The corporate’s effort to bolster transparency inadvertently led to this huge information leak, as disclosed by Fowler.
The leaked information, amounting to a colossal 6.35 terabytes, primarily consisted of healthcare supplier data. Particulars included the names of hospitals and medical doctors, location addresses, contact numbers, and varied identification numbers such because the Nationwide Supplier Identifier (NPI). Importantly, these information additionally disclosed negotiated charges for medical procedures. Nonetheless, it’s important to make clear that the uncovered information didn’t embody buyer or affected person data.
Fowler’s discovery prompted a swift response from Cigna, acknowledging the safety lapse and taking rapid measures to safe the weak database from public entry. Cigna defended its stance by citing its Transparency in Protection program, which adheres to federal rules in place since 2022.
Notably, the data contained inside the database was meant for public entry because of regulatory necessities. Nonetheless, the shortage of correct safety measures posed potential dangers to Cigna’s broader inside storage community.
The uncovered database, which supplied an unprecedented behind-the-scenes look into Cigna Well being, detailed the corporate’s operations spanning all 50 states in america. Cigna Well being presents an array of medical health insurance plans, catering to people, households, employers, and varied authorities packages.
The database’s construction was logically organized and simply searchable, revealing supplier information alongside Present Procedural Terminology (CPT) codes. Below the Inexpensive Care Act, well being insurers are mandated to reveal negotiated charges publicly, emphasizing transparency. Regardless of the potential advantages of this disclosure, the dimensions and complexity of those information recordsdata might show difficult for non-technical people to navigate successfully.
Safety issues concerning the leaked information revolve across the potential misuse of Nationwide Supplier Identifier (NPI) numbers, which function distinctive identifications for healthcare suppliers. Whereas the leaked information didn’t point out any misconduct by Cigna, NPIs have been exploited prior to now for fraudulent actions corresponding to Medicare and Medicaid scams and non-password-protected databases might expose firms to ransomware assaults.
Cybersecurity agency exposes 5 billion information breach information
DreamHost internet hosting agency uncovered nearly a billion delicate information
9,517 unsecured databases recognized with 10 billion information globally
On-line buying and selling dealer FBS exposes 20TB of knowledge with 16 billion information
Brazilian market integrator Hariexpress uncovered 1.75 billion information