Exploit: Unauthorized Database Access
Western Australia Department of Health: Government Agency
Risk to Small Business: 2.227 = Severe
Confidential data from the state’s Department of Health was made publicly available on a website after it was distributed over a third-party paging service. Security researchers discovered that a website was recently set up which provided confidential information about Western Australian patients and doctors, including those with suspected COVID-19 infections. The State Government and Western Australia Police are working to have the site taken down, but it was still up as of a recent check.
Individual Risk: 2.623 = Moderate
No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Health data is extremely valuable right now, especially COVID-19 related data. Both private companies and international threat actors are paying top dollar for research and treatment data as healthcare organizations race to find a lucrative vaccine or treatment that works against COVID-19. This incident combines a third-party data breach with a reliance on outdated technology to create trouble.