LabCorp website bug exposed thousands of medical documents

Zack Whittaker reports:

A security flaw in LabCorp’s  website exposed thousands of medical documents, like test results containing sensitive health data.

….    This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a password, the part of the website designed to pull patient files from the back-end system was left exposed. That unprotected web address was visible to search engines and was later cached by Google, making it accessible to anyone who knew where to look.

Read more on TechCrunch.

About the author: Dissent

Comments are closed.