Cyber Incident Victim: Innovative Solution for Healthcare

Date: Oct 2020

Location: Viet Nam

Summary

A healthcare technology company exposed 12 million sensitive medical records, including detailed diagnoses, through an unsecured Elasticsearch server discovered during a routine scan. Researchers identified the unprotected cloud repository, which was subsequently compromised by the automated "Meow" attack that irreversibly deleted data without ransom demands. The incident exposed highly confidential patient information for an unspecified duration prior to detection, and how long the server had been vulnerable remains unclear. This breach combined critical data exposure with destructive system intrusion, impacting both privacy and data integrity.

Description

In late October 2020, researchers from SafetyDetectives led by Anurag Sen discovered an unprotected Elasticsearch server belonging to an unnamed healthcare technology company during a routine IP address scan. The exposed cloud server contained approximately 12 million medical records that included highly sensitive patient diagnostic information. While the exact duration of exposure prior to discovery remains unknown, the server was accessible without authentication, allowing potential unauthorized access to the trove of protected health data. The incident gained notoriety when the vulnerable infrastructure was subsequently compromised by the automated "Meow" attack, which overwrites exposed databases with no clear motive beyond destruction. SafetyDetectives publicly disclosed the breach on December 23, 2020, through a report by Phil Muncaster published on DataBreaches.net, though the original discovery occurred nearly two months earlier during their security research activities.

The Meow attack destroyed portions of the exposed medical records, though the extent of data destruction, as opposed to prior unauthorized access, remains unclear from available reporting. No threat actor claimed responsibility for either the initial exposure or the subsequent Meow compromise. The incident exposed sensitive patient health information at significant scale, with 12 million records compromised across an unspecified number of healthcare providers or individuals. Public reporting did not confirm whether the healthcare technology company notified affected parties or regulatory bodies about the breach. SafetyDetectives' discovery methodology involved scanning internet-facing systems for misconfigured Elasticsearch instances, a common vector for inadvertent data exposure. The researchers did not specify whether they identified the healthcare technology company by name or merely documented the technical parameters of the exposed infrastructure.