Unsecured Amazon S3 Buckets Contained ID Card Scans of 52,000 Individuals

Premier Diagnostics, a Utah-based COVID-19 testing service, has inadvertently exposed the protected health information of tens of thousands of individuals.

Two Exposed Amazon S3 buckets were discovered by Bob Diachenko of Comparitech on February 22, 2021. It was not initially clear who owned the data, which related to patients from Utah, Nevada, and Colorado. The S3 buckets were eventually traced to Premier Diagnostics.

The S3 buckets contained two databases, one of which included around 200,000 images of scans of ID cards such as driver’s licenses, passports, state ID cards, medical insurance cards, and other IDs documents. The databases had been indexed by search engines and could be accessed over the Internet without a password.

Premier Diagnostics was determined to be the probable owner of the data on February 25, 2020 and attempts were made to contact the company. Contact was finally made on March 1, 2021 and the databases were secured the same day.

It is unclear whether the databases were found and downloaded by any individuals other then Diachenko in the week or more that the databases were accessible over the Internet. Premier Diagnostics confirmed to Comparitech that each individual had four scans: Two scans of a health insurance card and two scans of an ID document, so the IDs and insurance information of approximately 52,000 individuals were exposed. The ID cards included an individual’s name, age, address, gender, ID number, and their photo.

The second exposed Amazon S3 bucket contained a database that included the names, dates of birth, and test sample IDs from individuals who underwent a COVID-19 test, although the database did not include the test result. “Each of the 3,645 items in the bucket is a scanned table with dozens of patients,” explained Comparitech.

Nefilim Ransomware Gang Publishes Data Stolen from Atlanta Allergy & Asthma

Databreaches.net has reported Atlanta Allergy & Asthma in Georgia is one of the latest victims of the Nefilim ransomware gang, which recently published sensitive data on its dark web leak site that was stolen prior to the encryption of files. A 1.3 GB compressed archive was uploaded to the leak site that contained 597 files containing 2.5 GB of data.

The dumped data is a sample of an alleged 19GB of data stolen in the attack, with the Nefilim actors threatening to publish the remaining data if the ransom is not paid. The published data includes billing documents and patient audits that include highly sensitive personal, medical, and insurance information.

The HHS’ Office for Civil Rights website indicates 9,851 individuals have been affected by the breach.

Ransomware Gang Demanded $1.75 Million Payment from Allergy Partners of Western North Carolina

The Federal Bureau of Investigation (FBI) is investigating a February 23, 2021 ransomware attack on Allergy Partners of Western North Carolina that took its IT systems out of action for several days. As a result of the attack, the allergy center was unable to provide allergy shots to patients at its offices in Asheville and Arden. Normal services for patients resumed on March 1 at most of its locations.

According to a report filed with the police department, the attackers demand a ransom payment of $1.75 million for the keys to decrypt files.  Its IT department has been working round the clock to restore files and systems and third-party cybersecurity firms have been engaged to investigate the breach and determine if patient information was accessed or obtained by the attackers.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.