Cyber attacks on keralti the parent company of sanitas health entity in Colombia point to be the beginning of a long line of complications from the company with the care of the treatment of its users’ data, because an investigation found sensitive personal information that is exposed on the Internet without a security backup to protect it.
The blog MuchHacker had access to these details, which were discovered Bob Diachenkoa cybersecurity analyst, who alerted the company to the situation, since it is estimated that there is information on 999,941 users of the EPS.
The researcher found this flaw after finding a root URL where the documents with the data are hosted, because the company uses a cloud service to store the information.
It is enough to enter the link, which for the safety of those affected we do not share, to access the entire content package, which belongs to the documentation that people must deliver to sanitas to join the health institution.
The type of files stored are scanned citizenship cards and civil records, affiliation forms and work contracts, all in high image quality, since they are needed for the company’s internal procedures.
The data of a million users is within the reach of a link from cybercriminals without any protection.
Private data exposed in public
Whoever manages to enter that link will not find any restriction to know the information, such as a password or username. So you can easily know names, emails, addresses, children, type of affiliation, employer, place of work, among others.
Data that is not supposed to leave the environment of the EPS before the rights that users have for the protection of their personal information.
Furthermore, according to Camilo Andres Garciathe journalist in charge of the publication, the leak is not about any type of hacking or digital attack, but it would be a “mishandling of data” that puts a link away from the criminals.
While diachenko alert that a serious point of the situation is that it is not clear since when these data are exposed and even less who have been able to access them, because no record is needed to know them.
The analyst found a total of 999,941 exhibited documents, but the figure could be higher, taking into account that sanitas has 4.74 million affiliates in Colombia since the Keralty Group handles many more entities like Colsanitas, Medisanitas and Sanitas University Foundation.
The data of a million users is within the reach of a link from cybercriminals without any protection.
How to avoid being a victim of cybercriminals
Because the number and variants of attacks will continue to grow globally, and nothing guarantees that a company can protect user data 100%. People have several alternatives to protect their personal information, making the job of cybercriminals more difficult. These are some tips:
– Always review the ratings of the Applications to see if other users express unusual concerns or negative experiences.
– It is important to verify the information of the developers and publishers of Applications.
– Download apps from websites suspects is dangerous.
– Avoid installing Applications from unknown sources.
– Change passwords periodically.
– Do not share personal informationsuch as bank card numbers, identity documents and addresses, on social networks.
– Keep minors away from their own publications and accounts, especially if there is no adult supervision.