Dive Brief:
- Systema Software, a web-based claims administration company, is said to have failed to encrypt data it placed on Amazon's cloud computing platform, leaving the records of 1.5 million people vulnerable.
-
IT professional Chris Vickery reportedly discovered the open records while looking into reports of massive data dumps being placed in the system.
-
Vickery reported the issue to the Texas Attorney General's office as well as to Systema Software.
Dive Insight:
Vickery says he accessed Systema's data without a password and found it unencrypted. Among the data he found were health insurance details, medical diagnoses, plans to defend against claims, Social Security numbers and more, he told KVUE.
Systema Software appears to paint Vickery as the issue, saying "a single individual gained unapproved access into our data storage system," and it was launching "a major internal review to identify the scope of the event and necessary remediation measures."
The vendor says it is not aware of anyone else accessing the information, and that their data are no longer stored on the Amazon cloud platform.