Exploit: Unsecured Database
Risk to Small Business: 1.401 = Extreme
In a monster week for pharma hacking, Pfizer leads the pack with a substantial data breach that it brought on itself. In a huge blunder, unsecured and unencrypted data containing logs, transcripts, and details of patient helpline conversations was leaked from a misconfigured Google Cloud storage bucket. The exposed data included detailed information regarding hundreds of conversations between Pfizer’s automated customer support software and patients using drugs including Lyrica, Chantix, Viagra, Ibrance, and Aromasin.
Individual Risk: 1.412 = Extreme
The exposed call or chat transcripts had extensive PII and medical data for patients including full names, addresses, phone numbers, and details of health and medical conditions. The transcripts also contained detailed information about treatments, patient experiences, and questions related to products manufactured and sold by Pfizer.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Leaving this kind of information laying around is a hacker’s dream, and a security nightmare for your business as not only the recovery costs but the regulatory penalties for exposing this kind of data adds up.