Personal Health Insurance Data Found on Public AWS server

Written by

A treasure trove of personal information on around 1.5 million US insurance claimants has been discovered in clear text on a publicly available Amazon Web Services subdomain.

The data was discovered by a “technology enthusiast” and includes names, social security numbers, addresses, dates of birth, and financial and medical injury data.

Just over one million entries relate to the Kansas State Self Insurance Fund, while a further three million payment details dating back to 1987 are linked to the CSAC Excess Insurance Authority (CSAC-EIA), according to

The CSAC-EIA data is also said to include 4.7 million separate “notes” about claims, while thousands of scanned PDFs – most likely of insurance claims forms – are likely to come from the Golden State Risk Management Authority.

Other databases exposed include those with data from the American All-Risk Loss Administrators (AARLA)/Risico, Millers Mutual Group, and Crosswalk Claims Management, the report claimed.

The Amazon subdomain appears to have been run by US claims management firm Systema Software

The contractor is said to have notified all those affected and the database was taken down shortly after it was informed of the exposure.

A statement sent to Gizmodo had the following:

“Systema Software recently became aware that a single individual gained unapproved access into our data storage system containing data belonging to certain Systema clients. In addition to communicating with Systema, this individual also self-reported this discovery to the proper authorities and impacted clients and is in the process of working with the Texas Attorney General to securely wipe all data from his hard drive. While our investigation is still ongoing, it is important to note that, based on our initial review, we have no indication that any data has been used inappropriately.”

US healthcare firms are becoming an increasingly popular target for hackers – with many commentators claiming this is because of years of under-investment in cybersecurity.

According to the US Identity Theft Resource Center, medical/healthcare topped the list of most affected industries in 2014, accounting for 42.5% of breaches.

Ipswitch Northern Europe director, Richard Chapman, argued the incident shows how important it is to ensure all elements of the partner ecosystem are properly secured.

“When it comes to confidential data sharing, an organization doesn’t only have to take responsibility ensuring it has its own policies in place, it needs to ensure that its partner organizations have the right policies, file transfer technologies, security systems, processes, and most importantly, staff training,” he added.

Tim Erlin, director of IT security and risk strategy at Tripwire, linked the incident to the Apple Xcode attacks.

“It may seem at first that these two stories are unrelated. One is a large-scale compromise of the major app store and the other is the disclosure of medical records. Different data, different industries, but there is a key commonality in where these incidents occurred: the supply chain,” he argued.

“In both cases, the incidents did not originate with the affected entity. In the case of Apple, attackers targeted and compromised developers, a key part of the App Store supply chain. With the medical records, intent remains unknown, but the data was published from Systema Software, a third-party claims administration tool.”

What’s hot on Infosecurity Magazine?