An investigation from Cybersecurity Researcher Jeremiah Fowler revealed a non-password-protected database associated with DM Clinical Research, a clinical trial site network partnering with medical organizations and pharmaceutical companies to conduct surveys and research studies.
According to the research, the database contains two terabytes (TB) of data, amounting to 1,674,218 records. The documents were in PDF format and displayed the individual’s names in the file names. These documents contained sensitive information, both personal and medical, such as:
- Names
- Birth dates
- Email addresses
- Phone numbers
- Current medications
- Vaccination status and specific vaccines received
- Health conditions
Survey information within the database included notes on some individuals, such as pregnancy status, whether they were on birth control or not, their doctor’s name, or negative reactions to COVID-19 vaccines.
At this time, it is unknown how long this database was exposed. Likewise, it is not known if a malicious actor accessed it prior to the investigation. DM Clinical Research has been notified of the exposure and has indicated intentions to resolve the matter, stating, “Protecting sensitive data is a cornerstone of our organization’s operations, and we are committed to addressing any vulnerabilities in alignment with best practices and applicable laws & regulations”.