Hackread reports that Texas-based clinical trial investigator site network DM Clinical Research had more than 1.6 million individuals' personal and health information obtained via medical surveys leaked by an unsecured database.
Aside from including individuals' names, birthdates, email addresses, phone numbers, vaccination statuses, and medication details, other surveys in the misconfigured database also had information on adverse COVID-19 vaccine reactions, pregnancy status, birth control usage, and physician's names, according to an investigation by cybersecurity researcher Jeremy Fowler published on Website Planet. Immediate efforts to secure the database, the management of which remains unclear, have been conducted by DM Clinical Research following an alert from Fowler. While additional details regarding the duration of the database's inadvertent exposure continue to be lacking, such a data leak could not only be exploited by data brokers and health insurance firms but also be leveraged by threat actors in phishing, identity theft, and other cyberattacks.
