Experts Reacted On Pharma Giant Pfizer Exposes Patient Data On Unsecured Cloud Storage

It has been reported that Global pharmaceutical giant Pfizer Inc. has suffered a data breach with patient information found exposed on unsecured cloud storage.  Discovered and publicised yesterday, the exposed data was found on a misconfigured Google Cloud storage bucket. The data included hundreds of conversations between Pfizer’s automated customer support software and people using its prescription pharmaceutical drugs including Lyrica, Chantix, Viagra and cancer treatments Ibrance and Aromasin. Along with confidential medical information, the transcripts included full names, home addresses and email addresses, all of which could be used by hackers to target patients with highly effective phishing campaigns.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
October 23, 2020 10:25 am

What the recent Pfizer data breach tells us is that it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week. It\’s irrelevant whether an internal or external error led to this data breach, because the digital footprint for enterprises is expanding at such a rapid pace that errors will occur and data will be exposed. However, it is incumbent upon Pfizer to continue to do everything humanly possible to protect its IP, customer and partner data and all proprietary information. In this case, Pfizer can\’t play the victim card as there certainly aren\’t any customers interested in hearing excuses. What they want is transparency and guarantees that the company will continue to make sure data protection is their top priority. Let this be another wake up call for all companies to improve their security, use threat hunting services to discover malicious operations quickly so that hackers are stopped in their tracks before material damage occurs.

Last edited 2 years ago by Sam Curry
Boris Cipot
Boris Cipot , Senior Sales Engineer
InfoSec Expert
October 23, 2020 10:23 am

Storing data within a cloud container has become the norm today. However, it seems that few systems are built on the principle of \’security by design\’, often leaving customer data unprotected. All data, from personal medical information to data which can be misused in spamming, phishing or even extorsion campaigns, should be protected at the highest level. Every company that handles customer data needs to be aware that systems used to store, and process data must be made resilient; instances of misconfiguration cannot persist.

Last edited 2 years ago by Boris Cipot
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x