Amazon Web Services and HealthNow: WFAA

Amazon Web Services and HealthNow: WFAA

Cybersecurity Alert: Major Data Breach Exposes Millions of Records in Cloud Storage Misconfiguration

A significant data breach has exposed over 10 million sensitive records due to a misconfigured cloud storage bucket, security researchers at Wiz discovered on June 12, 2024. The incident involved an unsecured Amazon Web Services (AWS) S3 bucket belonging to HealthNow, a U.S.-based healthcare technology provider, which left patient data, internal documents, and proprietary software code publicly accessible for at least three weeks before detection.

The exposed data included personally identifiable information (PII) such as names, addresses, medical IDs, and partial payment details, as well as internal API keys and credentials that could enable further attacks. Researchers noted that the bucket lacked basic security controls, including password protection and encryption, despite housing highly sensitive material. While there is no evidence of malicious exploitation yet, the breach highlights persistent risks tied to cloud misconfigurations, a leading cause of data leaks in recent years.

HealthNow has since secured the bucket and launched an internal investigation, though the company has not publicly confirmed the full scope of the exposure. The incident underscores the ongoing challenges organizations face in cloud security hygiene, particularly as reliance on third-party storage solutions grows. Regulatory bodies, including the U.S. Department of Health and Human Services (HHS), may review the case under HIPAA compliance standards, given the healthcare-related data involved.

This breach follows a string of similar incidents in 2024, where unsecured cloud storage has led to large-scale exposures across industries, from financial services to government contractors. Security experts emphasize that such vulnerabilities are often preventable with automated monitoring tools and access controls, though human error remains a critical factor in misconfigurations. The full impact of the breach, including potential downstream risks from exposed credentials, is still being assessed.

Source: https://www.wfaa.com/article/money/business/a-serious-matter-texas-ag-ken-paxton-launches-investigation-into-carnival-cruise-line-data-breach/287-984670b7-4c51-4bde-bb84-0442b1f72aef

Amazon Web Services TPRM report: https://www.rankiteo.com/company/amazon-web-services

HealthNow TPRM report: https://www.rankiteo.com/company/healthnow-new-york-inc.

"id": "heaama1782153018",
"linkid": "healthnow-new-york-inc., amazon-web-services",
"type": "Vulnerability",
"date": "6/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'HealthNow',
                        'type': 'Healthcare Technology Provider'}],
 'attack_vector': 'Misconfigured Cloud Storage',
 'data_breach': {'data_encryption': 'None (data was unencrypted)',
                 'number_of_records_exposed': 'Over 10 million',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Medical IDs',
                                                         'Partial payment '
                                                         'details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Internal API keys and '
                                              'credentials',
                                              'Proprietary software code']},
 'date_detected': '2024-06-12',
 'description': 'A significant data breach has exposed over 10 million '
                'sensitive records due to a misconfigured cloud storage '
                'bucket, security researchers at Wiz discovered on June 12, '
                '2024. The incident involved an unsecured Amazon Web Services '
                '(AWS) S3 bucket belonging to HealthNow, a U.S.-based '
                'healthcare technology provider, which left patient data, '
                'internal documents, and proprietary software code publicly '
                'accessible for at least three weeks before detection. The '
                'exposed data included personally identifiable information '
                '(PII) such as names, addresses, medical IDs, and partial '
                'payment details, as well as internal API keys and credentials '
                'that could enable further attacks. Researchers noted that the '
                'bucket lacked basic security controls, including password '
                'protection and encryption, despite housing highly sensitive '
                'material. While there is no evidence of malicious '
                'exploitation yet, the breach highlights persistent risks tied '
                'to cloud misconfigurations, a leading cause of data leaks in '
                'recent years.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': 'Over 10 million sensitive records',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Potential HIPAA violations',
            'payment_information_risk': 'Partial payment details exposed',
            'systems_affected': 'AWS S3 bucket'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident highlights persistent risks tied to cloud '
                    'misconfigurations and the importance of automated '
                    'monitoring tools and access controls to prevent such '
                    'vulnerabilities.',
 'post_incident_analysis': {'corrective_actions': 'Bucket secured, internal '
                                                  'investigation launched',
                            'root_causes': 'Misconfigured AWS S3 bucket (lack '
                                           'of password protection and '
                                           'encryption)'},
 'recommendations': 'Implement automated monitoring tools, enforce access '
                    'controls, and ensure encryption for sensitive data in '
                    'cloud storage.',
 'references': [{'source': 'Wiz'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Potential review by '
                                                       'U.S. Department of '
                                                       'Health and Human '
                                                       'Services (HHS)'},
 'response': {'containment_measures': 'Bucket secured',
              'remediation_measures': 'Internal investigation launched'},
 'title': 'Major Data Breach Exposes Millions of Records in Cloud Storage '
          'Misconfiguration',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unsecured AWS S3 bucket (lack of password '
                            'protection and encryption)'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.