Blog Threat Labs Cloud Threats Memo: Keeping Protected Health Information Safe From Leaky Apps
Apr 07 2021

Cloud Threats Memo: Keeping Protected Health Information Safe From Leaky Apps

Several healthcare entities have reported data breaches after being notified of a “privacy incident” by Med-Data, a vendor providing revenue cycle services to hospitals, healthcare systems, and their patients. This privacy incident involves a leaky cloud service and has exposed the personal information of thousands of individuals, since at least December 2020.

But the culprit is not the cloud service you would normally expect (yes, I am talking about the usual suspects: AWS S3 or Microsoft Azure). In this case, a former Med-Data employee uploaded the information to personal folders within multiple public repositories in…  GitHub, a cloud service that, in theory, is not supposed to be used as a storage for PHI.

Why a SaaS meant to support code development could end up leaking PHI is still a mystery to me. I could argue that users tend to (ab)use the services there are more familiar with even for improper purposes. In any case, this incident reminds us all of the risks of cloud misconfigurations from which no service is theoretically immune: cloud services provide a boost in agility and productivity, but they can also expose organizations to new risks without the proper controls.

How Netskope mitigates this threat

The Netskope Next Gen SWG provides granular control for GitHub (and thousands of additional cloud applications) in terms of adaptive access control, DLP, and Threat Protection. Netskope can recognize a dozen of activities for GitHub (such as upload, download, create and share), and in this specific case can prevent the upload of PHI by an employee via one of the predefined DLP profiles.

Additional controls are possible via the API protection in the CASB module. For example, an organization can be alerted if a repository is made public. Simple configurations to mitigate the risks of data breaches and leaky cloud services.

Stay safe!

author image
About the author
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of…