Sunday, May 19, 2024

Threat Actors Accessed Cancer Patients’ Data left Open by Testing Lab

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years.

The California-based firm, which has performed over 500,000 blood tests, is notifying an undisclosed number of individuals that an employee inadvertently exposed their private medical data.

The data, which included patient names, ages, medical record numbers, treatment details, and test results, was related to samples collected in late 2019 and 2020.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Information uploaded by the employee
Information uploaded by the employee

Guardant admits the information was mistakenly uploaded by an employee and left exposed from October 5, 2020, to February 29, 2024, before being discovered

Accessed by Unauthorized Third Parties

Compounding the severity of the breach, Guardant warns that the exposed patient data was accessed and copied by “unidentified third parties” between September 8, 2023, and February 28, 2024.

According to the BitDefender reports, this raises serious concerns about potential fraud, identity theft, and privacy violations for the cancer patients affected.

Many of the impacted individuals are likely unaware that Guardant was even storing their data, as their samples were sent for testing by their physicians and hospitals.

While the company states that financial information and Social Security numbers were not included, criminals could exploit the sensitive medical data alone.

Guardant has not disclosed the total number of patients affected or explained how such a glaring security lapse went unnoticed for so long.

The company advises patients to monitor their medical statements for irregularities, but this generic guidance provides little reassurance.

The breach at Guardant Health is the latest example of how third-party vendors can put patients’ highly personal medical data at risk when proper security controls are not in place.

With the frequency and costs of healthcare data breaches rapidly rising, companies entrusted with sensitive patient information must prioritize data protection.

As a result of this incident, Guardant Health now faces potential legal action, financial penalties, and a loss of patient trust. 

Law firms have already announced they are investigating the breach on behalf of affected individuals.

This breach is an unfortunate reminder that in the age of digital health data, a single-employee mistake can have devastating privacy consequences for vulnerable patients.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Website

Latest articles

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles