Hacker Stole Exposed ‘Definitivehc.com’ Databases and Is Now Selling Them Online

  • A hacker is selling the databases copied from an unprotected server belonging to a data analytics firm.
  • The details include the PII of hospital executives and several other sensitive data points.
  • This is just one of the thousands of exposed instances that are currently open to exploitation.

A hacker is using a popular forum to sell nine CSV files taken from an exposed Azure blob that appears to belong to Definitivehc.com. This is a healthcare data and analytics platform that offers market strategy enhancement services that are possible through these rich data sets. Unfortunately for the people who have been irreversibly exposed by their data-harvesting operations, the firm has failed to configure their server properly, allowing anyone with a web browser to access and copy the files.

The leak includes nine CSV files containing approximately seven million lines with the following:

  • Hospital executives' PII
  • Hospital data files
  • Individual doctor email list
  • Taxonomy data files
  • NPI lists and data
  • HCPCS subscription data files

The hacker has given some samples on Pastebin to demonstrate the validity of the claims made in the listing. We have taken a look, and we can confirm that the data appear to be valid. They contain information about American hospitals and service providers, and all details are in plaintext form. We have contacted DefinitiveHC asking for an explanation on this, but we haven’t heard back from them yet.

We have also contacted the hacker directly to ask for more details about the breach, and the person told us that this is just one of the thousands of unsecured Amazon S3 and MS Azure blobs that lie out there, misconfigured and unsecured. As the seller confirmed, the data is still accessible, so the firm is unlikely to have realized it. Also, it seems that the particular cluster was indexed by specialized search engines like Shodan months ago, so the security lapse is both dire and long-lasting.

Only a couple of days back, we covered a very similar case with another marketing firm, ‘Fractal Analytics,’ failing to secure its Apache Cassandra instance, which ended up as resale material on hacking forums. This is very unfortunate for the exposed individuals because they rarely ever get to learn that their PII, bundled with various marketing-related data points, has ended up in the hands of hundreds of individuals who could have a range of intentions.
