Skip to main content
  1. Home
  2. Computing
  3. News

A simple password mistake led to 5.3 million leaked health records

Add as a preferred source on Google

Update: A representative from Ecaresoft has reached out to Digital Trends and claimed that the initial Cybernews report had some inaccurate information in it. The first sticking point from Ecaresoft was that the affected server was “a non-production environment, containing anonymized, randomly generated test data, not real patient data.” If that’s true, there was no actual risk of exposed patient data. Ecaresoft also claims that the reported number of records “exceeds the total number of records we have in our system at this time.”

Our story as published on October 23 is below:

Recommended Videos

Cybernews reports its research teams found a 500GB unprotected database of a Mexican health care company on August 26, 2024. The database exposes sensitive information such as names, personal identification numbers (CURP), phone numbers, descriptions of payment requests, and more.

The total amount of affected people adds up to 5.3 million, making up approximately 4% of the country’s population, as Cybernews notes. The Cybernews report indicates that the security mistake occurred with a “misconfigured” use of a data visualization tool called Kibana, which appears to have been left unauthenticated.

The massive volume of data was later credited to Ecaresoft, a Texas-based software company behind cloud-based Hospital Information Systems such as Anytime and Cirrus. More than 30,000 doctors, 65 hospitals, and 110 outpatient care centers use Ecaresoft services to manage tasks such as appointment booking, medicine management, inventory management, and more.

Other stolen data includes ethnicities, nationalities, religions, blood types, dates of birth, gender, email addresses, the amount charged for health care services, and the hospitals visited. This time around, threat actors are not to blame as the cause. There is no official information about whether the affected users are aware of the situation or how long the database (now taken down) was up and running.

The affected users’ health records were not taken, but with their Mexican government identification (equivalent to the U.S. Social Security number) at risk, they are exposed to wire fraud and phishing (among other things). The company has yet to release a statement about the unprotected data, but hopefully, we’ll hear something official soon. When data is left unprotected, it can be indexed by search engines and taken by threat actors who are constantly scanning the internet for these types of unprotected files.

While those in the U.S. don’t need to worry about their personal information being compromised in this instance, it shows just how important password security is. An easy-to-guess password makes you as vulnerable as no password at all. Another one of the worst password mistakes in the past decade was Equifax, the 2017 data breach that, due to using “admin” as their password, made it easy for hackers to steal their data.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
New open-weight AI from China is toppling the best of OpenAI and Claude Fable
Moonshot’s 2.8-trillion-parameter Kimi K3 beats Fable 5 and GPT 5.6 Sol in select benchmarks
Art, Drawing, Plant

China's Moonshot AI has launched Kimi K3, a massive 2.8-trillion-parameter model built for coding, research, reasoning, and visual tasks. Moonshot admits K3 still trails Claude Fable 5 and GPT 5.6 Sol overall. Even so, its benchmark results put it surprisingly close to both, and it finishes ahead in several tests.

How close is Kimi K3 to the best closed models?

Read more
Gemini could finally let you choose how friendly it sounds
Finally, you can stop Gemini from sounding like your HR manager
Google Gemini

Google has spent the past few months making Gemini sound more natural, expressive, and conversational. Now, it appears the company is preparing to give users far more control over how the AI speaks.

Code spotted by Android Authority's APK Insights - the latest beta version of the Google app suggests Gemini may soon allow users to customise its voice across four separate parameters: Energy, Formality, Warmth, and Speed. Instead of choosing from a fixed list of personalities, users could tweak these characteristics to create a voice that better suits their preferences.

Read more
ChatGPT will now remind teens to take breaks and give parents more controls
New parental controls include Quiet Hours, Study Mode defaults, and alerts for serious account violations.
chatgpt-teen-safety-features

OpenAI wants to make ChatGPT safer for teens, and the changes go well beyond a simple content filter. In a new update, the company laid out its stance on why teens should have access to AI in the first place, arguing that keeping them away from it entirely would leave them unprepared for one of the defining technologies of their generation.

Nearly 90% of teens already use ChatGPT weekly for learning, research, or getting organized, which is why OpenAI says access needs to come paired with real protections built for their age.

Read more