AstraZeneca blames a user error for leaked patient data

November 8, 2022
Astra Zeneca User Error Data Leak Github Fraud Prevention

The big-time pharmaceutical organisation AstraZeneca has suffered password lapses that resulted in the online exposure of patient credentials for more than a year. Based on reports, a developer from the company left the credentials for an AstraZeneca internal server on the code-sharing platform GitHub last year.

The credentials enabled access to a test Salesforce cloud environment frequently utilised by businesses to manage their customers. However, the test environment included several patient details.

Some of the exposed data related to the organisation’s app offers discounts to patients needing medication assistance.

 

AstraZeneca insisted that the cause of the data exposure was a user malfunction.

 

An AstraZeneca spokesperson revealed that their patients’ data are crucial. Hence, they are addressing the current issue with the highest standards and compliance that apply to laws.

However, some of their data records were exposed temporarily on the GitHub platform due to a user error. Fortunately, the pharmaceutical company immediately halted access to their data as they investigated the cause of the incident.

Moreover, the company stated that they have an ongoing assessment of its regulatory obligations.

On the other hand, the spokesperson declined to state the reason for storing patient data in a test environment. Experts questioned the company’s capabilities regarding the topic as it is unknown if the company obtained technical means, such as logs, to determine if anyone accessed the data and if a user exfiltrated any information.

Researchers noted that credentials like usernames and passwords exposed or unintentionally leaked to sites like GitHub had increased dramatically in the past months. For years, experts have seen several data leak incidents from different companies. The most recent one is the data owned by Samsung, which contained a facial recognition system.

Cybersecurity experts explained that this incident in AstraZeneca is not the first of its kind since many leaked credentials always happen globally. The threatening part of these events is that they could aid threat actors in an easier data intrusion.

About the author

Leave a Reply