Update : A representative from Ecaresoft has reached out to Digital Trends and claim that the initial Cybernews report had some inaccurate information in it . The first sticking point from Ecaresoft was that the affect server was “ a non - production environment , containing anonymized , randomly generated test data , not veridical patient data . ” If that ’s true , there was no real risk of exposure of exposed patient data point . Ecaresoft also claims that the reported phone number of records “ exceeds the total routine of records we have in our scheme at this fourth dimension . ”

Our tale as published on October 23 is below :

Cybernews reportsits research teams set up a 500 GB unprotected database of a Mexican health care fellowship on August 26 , 2024 . The database exposes sensitive entropy such as names , personal identification numbers ( CURP ) , speech sound numbers , descriptions of payment requests , and more .

The entire amount of affected mass adds up to 5.3 million , making up just about 4 % of the country ’s universe , as Cybernews notes . The Cybernews report indicates that the surety mistake come about with a “ misconfigured ” habit of a data visualisation tool calledKibana , which appears to have been left unauthenticated .

The massive volume of data was subsequently credit to Ecaresoft , a Texas - found computer software company behind cloud - free-base Hospital Information Systems such as Anytime and Cirrus . More than 30,000 doctors , 65 hospitals , and 110 outpatient care centers practice Ecaresoft services to wield tasks such as appointment booking , medicine management , inventory management , and more .

Other slip information include ethnicities , nationalities , religions , blood types , dates of parturition , sexuality , email addresses , the amount charged for wellness care services , and the hospitals visited . This time around , menace actors are not to blame as the cause . There is no prescribed information about whether the affected users are cognizant of the situation or how long the database ( now consider down ) was up and running .

The affected users ’ health record book were not taken , but with their Mexican administration designation ( equivalent to the U.S. Social Security number ) at hazard , they are discover to conducting wire fraud andphishing(among other thing ) . The company has yet to exhaust a statement about the unprotected datum , but hopefully , we ’ll get a line something official soon . When data point is left unprotected , it can be index by search engines and take by scourge histrion who are constantly scanning the cyberspace for these case of unprotected single file .

While those in the U.S. do n’t need to worry about their personal info being compromised in this representative , it express just how crucial word security is . An leisurely - to - guess parole wee-wee you as vulnerable as no password at all . Another one of the spoilt password mistakes in the preceding decennary was Equifax , the2017 datum breachthat , due to using “ admin ” as their password , made it leisurely for hacker to slip their data point .