Double whammy: After 1.5 mn health records exposed on AWS, mega outage follows

Databreaches.net recently reported how a basic infosec failure led to millions of records with personal medical information being exposed on Amazon Web Services. The snafu exposed not only insurance claims data from insurance carriers, third party administrators and self-insured but also internal documents that revealed how some entities planned to defend against specific claims. Insurers using Systema Software were hit in this 'self-inflicted' data breach. The report also reveals some numbers that say, "There were a minimum of 1.5 million individuals who had personal details exposed, probably 1 million SSNs, more than 5 million financial transactions detailed, over 1000 entities that had data exposed, and hundreds of thousands of injury reports. Not all entities are necessarily clients of the software firm."

 Double whammy: After 1.5 mn health records exposed on AWS, mega outage follows

Representational image: Reuters


Tech enthusiast Chris Vickery spotted these files on Amazon servers and reported it to Systema Software. Gizmodo reports that shortly after Vickery made contact with the affected organizations, the database disappeared from the Amazon subdomain. The data, says Systema Software COO Danny Smith, was left visible due to a contractor's mistake.

The only good news that came out of this was that the data was accessed by just that one person. This was clarified in a statement by Systema Software spokesperson, "Systema Software recently became aware that a single individual gained unapproved access into our data storage system containing data belonging to certain Systema clients. In addition to communicating with Systema, this individual also self-reported this discovery to the proper authorities and impacted clients and is in the process of working with the Texas Attorney General to securely wipe all data from his hard drive. While our investigation is still ongoing, it is important to note that, based on our initial review, we have no indication that any data has been used inappropriately." The statement also added that they have taken immediate action that includes launching internal reviews, notifying impacted organizations and working with state and federal authorities and a forensic IT firm. In an update by Gizmodo, Systema denied that 1.5 million people were affected and that they "will continue to work vigilantly to address this issue and will provide updates" as they learn more from their review.

And if that wasn't enough, AWS suffered a monster outage that impacted its cloud systems and brought down several sites with it. Big guys affected were Netflix, Tinder, IMDb and Amazon's Instant Video and Books websites. AWS services CloudWatch, Cognito and DynamoDB were also seen moving at turtle speeds. The report add that till last confirmed, Amazon pointed to data faults being seen on multiple services at its oldest public cloud facility, North Virginia US-EAST-1 site and that they were recovering from the blunder.

Updated Date: Sep 21, 2015 12:41:19 IST