Security researcher Volodymyr Diachenko recently discovered a healthcare database left open to public view. The database, containing the protected health information (PHI) of 3.1 million patients, required no password to access.
What Happened Following the Discovery?
Upon discovery of the exposed healthcare database, Diachenko did some research to uncover who owned the database. He found that the healthcare database belonged to a medical software company that provides patient management software and online booking services for medical and dental practices.
Diachenko reached out to the medical software company, Adit, to let them know that their database was available for public view, exposing millions of patients’ PHI, but no one responded to his concern. After a few days, Diachenko found that the healthcare database had been attacked by the “Meow Bot.”
What is the Meow Bot?
The Meow Bot, discovered in late July, scans the internet for exposed databases. Once it finds an unsecured database, it overwrites the data with the word “meow” and a random numeric string. This essentially erases the data, making it inaccessible to the public as well as to the database owners. While the motives behind the Meow Bot are unknown, whoever runs it seems to be doing somewhat of a good deed by deleting data so that it cannot be stolen by cybercriminals. It is only “somewhat of a good deed” because the act also leaves the data unavailable to the database owners.
Could the Healthcare Database Have Been Copied Before Deletion?
Even though the Meow Bot destroyed the healthcare database, threat actors could have copied the data before it was deleted. The database was publicly accessible for 10 days before being destroyed, making it entirely possible, and likely, that it had been accessed by ill-intentioned individuals. Although there wasn’t a lot of sensitive information in the healthcare database, the information can still be used to perpetrate phishing attacks, as it included patient names, email addresses, phone numbers, and treatment locations.