On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Florida based SkyMed. It appeared to be a detailed list of their member accounts. The first data incident notification was sent on March 27th (the same day it was discovered). On April 5th we verified that the database was closed and no longer publicly accessible. No one from SkyMed replied to either message.
According to their website, SkyMed has been offering premium medical emergency evacuation memberships since 1989. The concept is simple: if you are on vacation or traveling and have an emergency they will evacuate you or your loved one back home to the US for treatment or medical care.
Inside the database was each member’s file that included personally identifiable information and some accounts had medical information or notes about the user. It is unknown how long this data was publicly accessible or who may have accessed it. What is known is that there was evidence of ransomware inside the database and this could potentially be evidence of a far bigger exposure.
- This is a Elastic database set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.
- 136,995 records including customer accounts containing names, date of birth, phone, addresses, email and other account specific data plain text.
- Evidence of Ransomware inside the network.
It is unclear if this incident was reported to members, 0r the authorities as required by HIPPA and Florida breach and notification laws. Despite several attempts and a request for comment regarding this data incident, SkyMed has not responded or commented at the time of this publication.