iCliniq - The Virtual Hospital

Online medical consultation service iCliniq has restricted access to thousands of medical documents it left in a public AWS S3 bucket.

iCliniq stored these private medical documents in a misconfigured wide-open AWS S3 bucket that could have been potentially pored over by anyone.

This cloud storage box, according to Gliwka, contained about 20,000 medical documents, such as information on blood screens and HIV tests.

iCliniq had failed to check for permissions in its web app so every user was able to see every question asked by other members – simply by guessing the ID number of the question.

Source: https://www.theregister.com/2018/08/03/icliniq_cloud_breach/

"id": "ICL202151122",
"linkid": "icliniq",
"type": "Data Leak",
"date": "08/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"