- A hacker is selling the databases copied from an unprotected server belonging to a data analytics firm.
- The details include the PII of hospital executives along with several other sensitive details and data points.
- This is just one of the thousands of exposed instances that are currently open to exploitation.
A hacker is using a popular forum to sell nine CSV files taken from an exposed Azure blob that appears to belong to Definitivehc.com. This is a healthcare data and analytics platform that offers market strategy enhancement services built on these rich data sets. Unfortunately for the people who have been irreversibly exposed by its data-harvesting operations, the firm has failed to configure its storage properly, allowing anyone with a web browser to access and copy the files.
The leak includes nine CSV files containing approximately seven million lines with the following:
- Hospital executives' PII
- Hospital data files
- Individual doctor email list
- Taxonomy data files
- NPI lists and data
- HCPCS subscription data files
The hacker has posted some samples on Pastebin to demonstrate the validity of the claims made in the listing. We have taken a look, and we can confirm that the data appear to be valid. They contain information about American hospitals and service providers, and all details are in plaintext form. We have contacted DefinitiveHC asking for an explanation for this, but we haven’t heard back from them yet.
We have also contacted the hacker directly to ask for more details about the breach, and the person told us that this is just one of the thousands of misconfigured, unsecured Amazon S3 buckets and MS Azure blobs that lie out there. As the seller confirmed, the data is still accessible, so the firm is unlikely to have realized it yet. Also, it seems that the particular cluster was indexed by specialized search engines like Shodan months ago, so the security lapse is both dire and long-lasting.
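The exposure described above comes down to a blob container that permits anonymous access. As an added example (not code from the article or from the firm involved), the helper below audits your own Azure storage account from the JSON that the Azure CLI commands `az storage account show` and `az storage container list` print; the account and container names in the embedded sample are constructed placeholders, while the field names are the real CLI ones.

```python
import json

# Constructed sample output shaped like `az storage account show` and
# `az storage container list --account-name <name>` (names are placeholders).
ACCOUNT_JSON = '{"name": "examplestorage", "allowBlobPublicAccess": true}'
CONTAINERS_JSON = """[
  {"name": "exports",  "properties": {"publicAccess": "container"}},
  {"name": "reports",  "properties": {"publicAccess": "blob"}},
  {"name": "internal", "properties": {"publicAccess": null}}
]"""


def anonymous_containers(account_json: str, containers_json: str) -> list:
    """Return (container, level) pairs that are readable without credentials.

    Azure applies the account-level allowBlobPublicAccess switch first: when
    it is false, no container is anonymous regardless of its own setting.
    Otherwise publicAccess "container" allows listing plus reading every
    blob (the situation in the article), "blob" allows reading blobs whose
    names are known, and null means the container is private.
    """
    account = json.loads(account_json)
    # A missing field is treated as "allowed" so an audit errs on the
    # side of reporting; older accounts defaulted to allowing it.
    if not account.get("allowBlobPublicAccess", True):
        return []
    exposed = []
    for container in json.loads(containers_json):
        level = (container.get("properties") or {}).get("publicAccess")
        if level in ("blob", "container"):
            exposed.append((container["name"], level))
    return exposed


def report(account_json: str, containers_json: str) -> str:
    """Human-readable summary; the fix is to flip the account-level switch
    (`az storage account update --name <acct> --allow-blob-public-access false`)
    and then review which containers really need to be shared another way."""
    found = anonymous_containers(account_json, containers_json)
    if not found:
        return "no anonymously readable containers"
    lines = [f"{name}: anonymous access level '{level}'" for name, level in found]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(ACCOUNT_JSON, CONTAINERS_JSON))
```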
Only a couple of days back, we covered a very similar case with another marketing firm, ‘Fractal Analytics,’ failing to secure its Apache Cassandra instance, which ended up as resale material on hacking forums. This is very unfortunate for the exposed individuals, because they rarely ever get to learn that their PII, bundled with various marketing-related data points, has ended up in the hands of hundreds of individuals who could have a range of intentions.