Rotherwood Healthcare Security Fail Leaks 10,000 Records And Left Elderly Patients’ DNR Choices Freely Readable Online

By   ISBuzz Team
Writer , Information Security Buzz | Feb 27, 2020 01:28 am PST

A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, according to The Register. The leak, which came from an unsecured S3 bucket, also revealed detailed care plans and precisely how much councils paid for individual patients’ care. Rotherwood Care Group, trading as Rotherwood Healthcare, were also caught out by their website privacy policy, which consisted solely of lorem ipsum placeholder text.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
February 27, 2020 9:30 am

If companies aren’t in total control of their data security, problems like this will arise. S3 is one of the oldest services in AWS, and the good news is that it always defaults to secure and private. However, the bad news is that AWS allows people to use it – and notoriously people weaken or even bypass security, sometimes without even being aware.

Cloud misconfiguration can easily occur, so therefore it needs to be double-checked by the people in charge of it. If you are concerned, then simply log into the console and click on S3, before looking for the ‘Public’ tag to see if any data is vulnerable to theft. AWS has taken measures to better educate its customers about proper S3 bucket configurations, but the best protection is a two way street, where users take on some of the responsibility themselves too.

Last edited 3 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x