The database of patients of ambulance service of Moscow region is publicly available on the Web and is stored on file hosting service with a capacity of 17.8 GB. The document contains information, such as the name of the person who called the ambulance, the contact phone number, the address, the date and time of the call, a description of the patient's condition upon the arrival of the doctors.
The representative of the Ministry of Health said that the management system of the ambulance service applied all the necessary measures to protect information in accordance with the current law. The data of citizens is securely protected and only authorized employees have access to it.
The company Group-IB explained that the leak occurred through the database management system MongoDB.
Anastasia Tikhonova, Head of the group-IB threats research group, said that the database was almost in the open access and did not require authorization or other security settings.
In addition, Anastasia added that a group of Ukrainian hacktivists THack3forU leaked the base to the network. They are activists who use computer hacking to promote the ideology of free speech and political freedom. Such cybercriminals use leakage for dirty political purposes.
Andrei Arsentiev, an analyst of InfoWatch, explained that the reason for the leak was the fact that the operator left the MongoDB cloud server unprotected, forgetting to protect it with a password.
Denis Legato, an anti-virus expert of Kaspersky Lab, stressed that the main problem in this situation was the inattention of administrators to the security settings.
It is worth noting that a month ago it became known about the leakage of the database of patients in the Lipetsk region. As a result, the Head of the Department of material and technical support of the Health Department lost his post.
The representative of the Ministry of Health said that the management system of the ambulance service applied all the necessary measures to protect information in accordance with the current law. The data of citizens is securely protected and only authorized employees have access to it.
The company Group-IB explained that the leak occurred through the database management system MongoDB.
Anastasia Tikhonova, Head of the group-IB threats research group, said that the database was almost in the open access and did not require authorization or other security settings.
In addition, Anastasia added that a group of Ukrainian hacktivists THack3forU leaked the base to the network. They are activists who use computer hacking to promote the ideology of free speech and political freedom. Such cybercriminals use leakage for dirty political purposes.
Andrei Arsentiev, an analyst of InfoWatch, explained that the reason for the leak was the fact that the operator left the MongoDB cloud server unprotected, forgetting to protect it with a password.
Denis Legato, an anti-virus expert of Kaspersky Lab, stressed that the main problem in this situation was the inattention of administrators to the security settings.
It is worth noting that a month ago it became known about the leakage of the database of patients in the Lipetsk region. As a result, the Head of the Department of material and technical support of the Health Department lost his post.