Web doc iCliniq plugs leaky S3 bucket full of medical files

Another data leak by an Indian firm, it seems.  John Leyden reports on this one:

Online medical consultation service iCliniq has restricted access to thousands of medical documents it left in a public AWS S3 bucket.

iCliniq acted earlier this week only after the slip-up was brought to its attention by German security researcher Matthias Gliwka. Gliwka approached El Reg after initially failing to get any response to notification emails he sent to the firm.

The global health startup, which is based in India, allows users to ask medical questions in private, to which they can attach private medical info, to be answered by doctors. However, iCliniq stored these private medical documents in a public AWS S3 bucket.

Read more on The Register.

Update of Aug 7:  Additional details and coverage here. This reportedly affected 20,000 and the firm apologized to the researcher for ignoring prior notifications.  Going to the media is one way to get the attention of those who are ignoring your attempts at responsible disclosure.

About the author: Dissent

Comments are closed.