Security News > 2020 > February > Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online
The leak came from an S3 bucket that was left unsecured.
The unsecured S3 bucket appeared to be powering Rotherwood's internal system, a CRM-style software suite that looks to be used to capture and store essential data about staff and patients alike.
Around 10,000 individual files were left exposed in the bucket.
A Rotherwood spokesman told The Register: "We at Rotherwood Group take the protection of personal data very seriously. Once we became aware of a security issue affecting some data held on our cloud-based system, we took immediate steps to rectify it. We are not aware of any data misuse and we are continuing to investigate this matter, including liaising with the ICO.".
There is no excuse in this day and age for AWS buckets to be left unsecured.