Over a million clinical records exposed in data breach


  • A clinical research organization's dataset has been discovered online
  • The documents include Personally Identifiable Information (PII)
  • It's not clear whether criminals have accessed the information

A dataset belonging to a clinical research firm has been discovered publicly exposed online without encryption or password protection.

Security researcher Jeremiah Fowler discovered the DM Clinical Research database containing 1,674,218 records, totaling 2TB, including names, medical information, phone numbers, email addresses, medications, and health conditions - along with other data which would put anyone exposed at risk of fraud, identity theft, or social engineering attacks.

Although the name of the dataset indicates the details belong to DM Clinical Research, it's not clear whether the database was owned and managed by them directly or by a third party - but here’s what we know so far.

Valuable information

It’s unclear how long the database was exposed before the researcher sent a disclosure notice, but it was no longer accessible ‘within hours’ of the notice being sent. There’s a chance that threat actors may have accessed the information, but only an internal forensic audit could determine this.

“Our team is currently reviewing the details of your findings to ensure a swift and comprehensive resolution,” DM Clinical Research replied to the disclosure. “Protecting sensitive data is a cornerstone of our organization’s operations, and we are committed to addressing any vulnerabilities in alignment with best practices and applicable laws & regulations.”

Healthcare information is extremely sensitive and highly valuable for threat actors. Because of this, healthcare organizations are being hit hard by cyberattacks - especially by ransomware and data breaches - which is why data protection is so important in industries that hold personal information.

In 2024, a cyberattack led to the compromise of 190 million Americans, forcing some applications offline, and UnitedHealth also suffered a ransomware attack which resulted in customer information being leaked onto the dark web - highlighting just how attractive the industry is for criminals.

Serious consequences

This could be really damaging for patients, especially those with serious medical conditions that may come with stigma, like psychiatric conditions, HIV, or cancer. If criminals access your medical information, they can construct social engineering attacks pretending to be a doctor, health insurance company, or medical professional.

“Any public exposure of health-related information could have potentially serious implications. While things like financial data and some PII can change over time, personal health histories do not,” Fowler points out.

For companies, there are steps you can take to protect your data and, with it, your organization. Security breaches can cost an organization millions, not just in direct costs, but in reputational damage with customers and business partners.

To ensure you’re storing customer data safely, encryption software is incredibly important. Businesses have a legal responsibility to protect their customer records, which means unencrypted datasets could result in legal action and financial loss.

Real-time threat and intrusion detection, such as endpoint detection software, is also a vital tool: it scans for intrusions and suspicious activity and alerts security admins if anything is found.

After a breach, it’s important for firms to be transparent to mitigate the damage. This will ensure lasting consumer confidence and trust between your organization and its partners.

For individuals affected by a data breach, it's crucial to monitor financial accounts, bank statements, and transactions to look for anything out of place.

Especially important is being on the lookout for social engineering attacks like phishing - with medical information, criminals may pose as trusted professionals or, in the US, where healthcare costs can compromise your financial situation, take advantage of patients who may desperately need money.

Be wary of unexpected communications, any unrecognised emails or phone calls, and don’t open any attachments that aren’t from 100% trusted sources. Make sure you create a strong and secure password, and don’t reuse it, especially for financial and health organizations.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
