Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records
hackread.com

I was wondering which cloud this was and from the screenshot, yep AWS S3. Especially these days you have to work hard to fail like this. I'm guessing this deployment had been rotting for years.
It’s probably a bridge too far, but at this point, Amazon should be scanning for PI and other key indicators of sensitive data and proactively disabling public access for these buckets (if only from a reputational risk perspective) instead of waiting for researchers to find them through hunting and scanning, and then reporting to the media.
Some people certainly are scanning for them: