author photo
By SecureWorld News Team
Wed | Apr 24, 2019 | 4:03 AM PDT

A Pennsylvania drug treatment center is the latest to leave sensitive patient data exposed online.

Infosecurity Magazine reports:

A large trove of personally identifiable information (PII) has been leaked by an addiction treatment center after researchers found another unsecured Elasticsearch database online.

Justin Paine, who is also a director of trust and safety at Cloudflare, blogged about his findings late last week, claiming to have found the offending database via a simple Shodan search.

As the data trove required no authentication to access, he was able to scroll through the 1.45GB of information. Although there were nearly five million documents contained in the database, they related in the end to around 146,000 unique patients.

Paine traced them back to Pennsylvania-based addiction treatment center Steps to Recovery.

Comments