A database that serves 918,000 seniors with diabetes was left open online after a software developer in the employ of a telemarketing firm uploaded a backup copy to the internet.

The seniors provided their personal and financial information to a program that promised them discounts on diabetes supplies. The information included names, addresses, dates of birth, telephone numbers, email addresses, taxpayer IDs, health insurance carrier, policy numbers, and information about what types of health problems the individuals had.

A Twitter user, calling himself Flash Gordon, found the database on Amazon Web Services. He contacted DataBreaches.net. DataBreaches.net reached out to security researchers for help who found that the database was not subject to HIPAA laws, such as a health care provider. They found scripted comments to use when engaging with patients as would a telemarketer.

Researchers at Sophos are advising that seniors should be wary of providing any personal information to telemarketers as there is no assurance that they are legitimate providers.

Source: SCMagazine