All your tests are publicly available.


Hello again! I have once more found an open database with medical data for you. As a reminder, I recently published three articles on this topic: the leak of patients' and doctors' personal data from the online medical service DOC+, the vulnerability in the Doctor Next service, and the data leak from ambulance stations.



This time, an Elasticsearch server holding the logs of the medical IT system of the laboratory network "Molecular Diagnostics Center" (CMD, www.cmd-online.ru) was openly accessible.


Disclaimer: All information below is published solely for educational purposes. The author did not get access to personal data of third parties and companies. The information was taken either from open sources, or was provided to the author by anonymous well-wishers.


The server was discovered on the morning of April 1, and it did not seem funny to me at all. A notification about the problem was sent to CMD at about 10 am (MSK), and around 3:00 the database became inaccessible.


According to the Shodan search engine, this server first became publicly accessible on 03/03/2019. I wrote a separate article about how open Elasticsearch databases are detected.


Very sensitive information could be obtained from the logs, including patients' names, gender and dates of birth, doctors' names, test cost, test data, screening files and much more.


An example of a log entry with a patient's test results:


  "<Message FromSystem=\"CMDLis\" ToSystem=\"Any\" Date=\"2019-02-26T14:40:23.773\"><Patient ID=\"9663150\" Code=\"A18196930\" Family=\"XXX\" Name=\"XXX\" Patronymic=\"XXX\" BornDate=\"XXX-03-29\" SexType=\"F\"><Document>Passport</Document><Order ID=\"11616539\" Number=\"DWW9867570\" State=\"normal\" Date=\"2017-11-29T12:58:26.933\" Department=\"1513\" DepartmentAltey=\"13232\" DepartmentName=\"Smile Elite\" FullPrice=\"1404.0000\" Price=\"1404.0000\" Debt=\"1404.0000\" NaprOrdered=\"2\" NaprCompleted=\"2\" ReadyDate=\"2017-12-01T07:30:01\" FinishDate=\"2017-11-29T20:39:52.870\" Registrator=\"A759\" Doctor=\"A75619\" DoctorFamily=\"XXX\" DoctorName=\"XXX\" DoctorPatronymic=\"XXX\"><OrderInfo Name=\"TEMP_CODE\">0423BF97FA5E</OrderInfo><OrderInfo Name=\"Pregnancy\">-1</OrderInfo><OrderInfo Name=\"Pin\">DWW98675708386841791</OrderInfo><OrderInfo Name=\"DiscountN Order\">0</OrderInfo><OrderInfo Name=\"QMS is valid Till\">

I masked all sensitive data with "X" characters. In reality, everything was stored in clear text.


From such logs it was easy (by decoding from Base64) to obtain PNG files with screening results, already in a readable form.



The total size of the logs exceeded 400 MB and in total they contained more than a million records. It is clear that not every record represented the data of a unique patient.
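The sample entry above shows patient and doctor attributes, and Base64-encoded files, reaching an error log in clear text. The following Python scrubber is an added example (not code from the original article or from CMD) that masks such fields before a message is logged. The attribute list is taken from the sample entry; the names `scrub_message` and `SENSITIVE_ATTRS`, the `<File>` element in the constructed sample, and the 200-character Base64 threshold are assumptions.

```python
import re

# Attribute names taken from the sample log entry in the article.
SENSITIVE_ATTRS = ("Family", "Name", "Patronymic", "BornDate",
                   "DoctorFamily", "DoctorName", "DoctorPatronymic")

# Only <Patient ...> and <Order ...> tags are scrubbed, so that
# <OrderInfo Name="Pin"> keeps its (non-personal) Name attribute.
TAG_RE = re.compile(r'<(Patient|Order)\b[^>]*>')

# Attr="value" or Attr=\"value\" (XML embedded in a JSON string).
# The lookbehind stops "Name" from matching inside "DepartmentName".
ATTR_RE = re.compile(
    r'(?<![A-Za-z])(%s)(\s*=\s*)(\\?")([^"\\]*)(\\?")'
    % "|".join(SENSITIVE_ATTRS))

# Long Base64 runs (e.g. embedded PNG files). Threshold is an assumption.
B64_RE = re.compile(r'[A-Za-z0-9+/]{200,}={0,2}')


def scrub_message(raw: str) -> str:
    """Mask personal attributes and embedded files before logging."""
    def mask_tag(tag):
        return ATTR_RE.sub(
            lambda m: f"{m[1]}{m[2]}{m[3]}XXX{m[5]}", tag.group(0))

    cleaned = TAG_RE.sub(mask_tag, raw)
    return B64_RE.sub(
        lambda m: f"[base64 removed, {len(m[0])} chars]", cleaned)


# Constructed sample (not real data), shaped like the entry in the article.
SAMPLE = (
    '<Message FromSystem=\\"CMDLis\\"><Patient ID=\\"1\\" '
    'Family=\\"Ivanova\\" Name=\\"Anna\\" BornDate=\\"1980-03-29\\" '
    'SexType=\\"F\\"><Order ID=\\"2\\" DepartmentName=\\"Lab 1\\" '
    'DoctorFamily=\\"Petrov\\"><OrderInfo Name=\\"Pin\\">123</OrderInfo>'
    '<File>' + 'iVBORw0KGgo' + 'A' * 300 + '</File>'
)

if __name__ == "__main__":
    print(scrub_message(SAMPLE))
```

A scrubber like this reduces what an exposed log can reveal; it does not replace access control on the Elasticsearch server itself.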


CMD Official Response:


We would like to thank you for the promptly submitted information on 04/01/2019 about the presence of a vulnerability in the Elasticsearch error logging and storage database.

Based on this information, our staff, together with relevant specialists, limited access to the specified database. The error of sending confidential information to the technical database has been fixed.

During the analysis of the incident, it was found that the appearance of the said database with error logs in open access was due to a human factor. Access to the data was promptly closed on 04/01/2019.

At the moment, internal and external experts are taking measures to further audit the IT infrastructure for data protection.

Our organization has developed a special procedure for working with personal data and the system of personnel level responsibility.

The current software infrastructure assumes the use of the Elasticsearch database for storing errors. To improve the reliability of some systems, the corresponding servers will be migrated to the data center of our partner, to a certified hardware and software environment.

Thank you for the timely information provided.

News about information leaks and insiders can always be found on my Telegram channel "Information Leaks".
