A Dallas, Texas-based medical research company had its database exposed, containing sensitive personal healthcare data of over 1.6 million people, all without any security authentication.
A misconfigured healthcare database containing over 1.6 million records related to medical surveys was recently found to be publicly accessible online without any encryption, password protection or security authentication.
The database belonged to DM Scientific Analysis, a Texas-based network of clinical trial sites. This was revealed to Hackread.com by cybersecurity expert Jeremiah Fowler, who discovered the database and shared the findings with Website Planet on 18 February 2025.
The database contained a treasure trove of personal and medical data, including names, dates of birth, phone numbers, email addresses, vaccination statuses, and current medications. Some surveys even included notes about adverse reactions to COVID-19 vaccines, physicians' names, and whether or not the individual was on contraception or pregnant.
DM Scientific Analysis, which partners with pharmaceutical companies and medical organizations to conduct research studies and surveys, has acknowledged that protecting sensitive data is a top priority. The company restricted access to the database after being notified by Fowler, but it is still unclear how long the database was exposed or whether anyone else gained access to it.
It remains unclear whether the database was managed directly by DM Scientific Analysis or through a third-party contractor. Nonetheless, although the data originated from surveys and not full medical records, the potential for harm is serious.
This kind of exposed health data could be attractive to data brokers and could even influence health insurance companies, potentially leading to higher premiums based on leaked health information.
Alternatively, if accessed by threat actors with malicious intent, the data could be leaked on cybercrime forums or sold to other parties, ultimately putting unsuspecting and already vulnerable individuals at even greater risk, including phishing, smishing (SMS phishing), identity theft and even online blackmail.