A Dallas, Texas-based clinical research firm left a database exposed that contained sensitive personal healthcare records of over 1.6 million individuals, all without any security authentication.
A misconfigured healthcare database containing over 1.6 million records related to medical surveys was recently discovered to be publicly accessible online without any encryption, password protection or security authentication.
The database belonged to DM Clinical Research, a Texas-based network of clinical trial sites. This was revealed to Hackread.com by cybersecurity expert Jeremiah Fowler, who discovered the database and published the findings with Website Planet on 18 February 2025.
The database contained a treasure trove of personal and medical information, including names, dates of birth, phone numbers, email addresses, vaccination statuses, and current medications. Some surveys even included notes about adverse reactions to COVID-19 vaccines, doctors’ names, and whether the individual was on birth control or pregnant.
DM Clinical Research, which partners with pharmaceutical companies and medical organizations to conduct research studies and surveys, has stated that protecting sensitive data is a top priority. The company restricted access to the database after being notified by Fowler, but it is still unclear how long the database was exposed or if anyone else gained access to it.
It remains unclear whether the database was managed directly by DM Clinical Research or through a third-party contractor. Nevertheless, although the data originated from surveys and not full medical records, the potential for harm is significant.
This type of exposed health data could be attractive to data brokers and could even influence health insurance companies, potentially leading to higher premiums based on leaked health information.
On the other hand, if accessed by threat actors with malicious intent, the data could be leaked on cybercrime forums or sold to interested parties, ultimately putting unsuspecting and already vulnerable individuals at even greater risk of phishing, smishing (SMS phishing), identity theft and even online blackmail.