California public office admits Covid-19 healthcare data breach

A misconfigured databased managed by a California public office has potentially exposed the sensitive medical information of citizens.

County of Kings, in mid-California, announced that the security flaw in its public web server made limited information on Covid-19 cases available on the internet.

The incident was discovered on November 24, 2021, and involved records obtained by the County’s Public Health Department from the California Department of Public Health and County healthcare providers.

An investigation determined that the misconfiguration resulted from an error made by a third-party contractor and existed on the county’s public web server from February 15, 2021, until it was fully corrected on December 6, 2021.

In a notice (PDF) posted online, County of Kings said that names, dates of birth, addresses, and Covid-19-related health information was among the datasets available to view.

The government department said it has “no reason to believe that individuals’ information has been or will be misused”, but has informed all potential victims by post.

It added that no further action needs to be taken by the individuals, but has set up a dedicated call center, details of which can be found in the notice.

Source: https://portswigger.net/daily-swig/california-public-office-admits-covid-19-healthcare-data-breach