The companys server vulnerability was discovered during a routine IP address check via a particular range of ports.
Our team discovered the Elasticsearch server to be publicly exposed without encryption or password protection.
Who is Innovative Solution For Healthcare (iSofH)?
PII of patients, including minors
iSofH is a leading Vietnamese technology company providing medical information management solutions in the Vietnamese market.
The companys software solutions are deployed at 18 medical facilities in Vietnam including 8 top-tier National Hospitals and Clinics.
What was leaked?
PII of patients, including minors
Leaked data revealed internal system details including file paths and directory locations which could be exploited by hackers.
In accordance with ethics and privacy guidelines, our security team did not attempt to decrypt the files.
Our team also contacted the hosting company responsible for the server, with the same result.
Server information showing SSL certificate registered on “https://quanlytrangthietbiyte.com”
At the end of December 2020, our team reached out to the Vietnamese CERT for the second time.
They finally got back to us which allowed us to proceed to a responsible disclosure.
They acknowledged the existence of the open server but failed to see the sensitivity of it.
We tried to explain our findings, hoping theyll realize how critical the leak was.
About Us
SafetyDetectives.com
is the worlds largest antivirus review website.
For a full review of Safety Detectives cybersecurity reporting over the past 3 years, followSafetyDetectives Cybersecurity Team.
Medical Data exposing patient with cancer
Patient PII and card number
