Data of 5 Million People Exposed on Misconfigured MedicareSupplement.com Web Database
The Medicare Supplement Insurance website MedicareSupplement.com left the personal data of five million users exposed online without encryption. Cyber security website Comparitech.com worked with security researcher Bob Diachenko and found the data of five million people left online and publicly available for anyone to download. The data contains personal information of people seeking Medicare insurance, including name, birthdate, gender, email, and in some cases HIV status. It is unknown whether anyone accessed the data with malicious intent.
MedicareSupplement.com is a website that helps people find Medicare Supplement Insurance. It is not an insurance company. The data appears to be part of the site’s marketing data. The exposed data includes full name, address, email, birthdate, and gender. Approximately 239,000 records also showed whether the customer indicated they had cancer or were HIV positive and whether they were interested in buying cancer, life, auto, medical, and supplemental insurance.
What is MedicareSupplement.com?
MedicareSupplement.com is an insurance marketing website that helps people learn about their Medicare coverage options and find Medicare Supplement Insurance plan quotes. The site does not sell insurance. It appears to collect users’ personal information and use it to match people to insurance plans.
Patients who have had their personal data leaked are at risk of fraud. Hackers can use information from data breaches in spear phishing emails, BEC scams, tax scams, spam emails, or other scams.
What is Medical Identity Theft?
Medical identity theft is when a hacker uses stolen medical insurance ID numbers and a victim’s identity to receive medical care or medicine. The personal information can be used to place fraudulent claims with a health insurance plan or government healthcare program. Fraudsters might use the information to receive free medical care, request reimbursement for treatment that did not occur, or receive medications. If someone were to use a person’s identity and medical plan information at an emergency room or medical provider, the victim may be unaware of the theft until they receive a bill for any unpaid services. Victims of medical theft could find themselves with maxed-out deductibles or be sent to a collection agency when any non-covered treatments are billed.
What is MongoDB?
MongoDB is a New York-based company. Its program, MongoDB, is a cross-platform, open-source NoSQL database management system. MongoDB is written in C++.
Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She published a guide to Cyber Security for Business Travelers.