Security News > 2021 > April > GitHub Arctic Vault likely contains leaked MedData patient records

GitHub Arctic Vault likely contains leaked MedData patient records
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData.

These rolls of films were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

Given its popularity and vast adoption rate, GitHub has been used in all kinds of situations: from developers storing legitimate software code, to attackers abusing GitHub for hosting malware like Gitpaste-12, to repositories that were later found to be leaking passwords and API keys that shouldn't have made their way on GitHub to begin with.

Last year, when Ursem had informed MedData of this data leak, and the possibility that this data had slipped into GitHub's Arctic Vault, MedData further contacted GitHub asking for logs of the vault, and to discuss removal of such data from the vault, say the researchers.

Ursem had asked GitHub in 2020, what would happen if a repository containing PII or other sensitive data had made its way into the Arctic Code Vault.

Nobody might go through the trouble of getting to the grand Vault to retrieve leaked materials now purged from GitHub, it does open up a question for what course of action exists for GitHub and companies when incidents such as this recent MedData leak take place.


News URL

https://www.bleepingcomputer.com/news/security/github-arctic-vault-likely-contains-leaked-meddata-patient-records/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95