WoundTech, a Florida-based wound care provider, was allegedly compromised in a catastrophic breach that exposed roughly 3.8TB of data and over 160,000 unique patient records, including graphic clinical photographs and unredacted medical narratives. The group Fulcrum Security claims to have exploited unencrypted S3 buckets and Terraform state-file credentials, released an investigation and sample data, and the leak includes SSNs, 4.6 million clinical notes, insurance and employee records, and cloud production credentials such as Azure AD secrets and API keys. #WoundTech #FulcrumSecurity
Keypoints
- Fulcrum Security claims to have accessed approximately 3.8TB of data and exposed over 160,000 patient records.
- The attackers say they exploited unencrypted S3 buckets and credentials left in Terraform state files.
- Exposed content reportedly includes 93,000 graphic wound photographs, Social Security numbers, and 4.6 million clinical notes.
- Insurance information and records for nearly 3,000 employees, including performance reviews and salaries, were allegedly compromised.
- Technical secrets found in the breach include production database credentials, Azure AD secrets, and API keys.
Read More: https://dailydarkweb.net/woundtech-data-breach-exposes-160000-sensitive-patient-records/