Bump 2 Baby & Beyond Diagnostic Firm Leaks Fetal Ultrasounds
The database is associated with the Bump 2 Baby & Beyond company, which provides pregnancy ultrasounds and screening for patients.
The unsecured Rsync protocol was indexed by Shodan service and was set to stream data without any password protection, allowing anyone with an internet connection and Rsync client to access hundreds of patient profiles.
This is not a single rsync problem that was detected by MacKeeper. Based on the research, MacKeeper team has noticed that the remote synchronization protocol (rsync) is currently one of the biggest cybersecurity threats. Cloning of critical servers by using unprotected RSYNC makes the data, files and folders vulnerable to ransomware, injections, or executable files. In many cases the folders are writable and can even be deleted remotely.
The MacKeeper team together with Databreaches.net made several attempts to alert the company about the leaky database but, unfortunately, had no luck. Apparently now the problem is solved and the database has already been secured, although MacKeeper and Databreaches.net got no response.
What is Bump 2 Baby & Beyond?
Bump 2 Baby & Beyond is a diagnostic firm that is based in LA and owned by the technologist Michael Rodriguez. The company provides ultrasound services in doctors’ offices for pregnant patients and for patients who require screening for health problems. Since 2012, the database of Bump 2 Baby & Beyond contains about 1,000 patients’ files.
What Data is Leaked
This data includes patients’ forms with names, dates of birth, address, email address, telephone numbers, due dates, physician’s names, and methods of payment. The database also contains the permissions for using of the woman’s name and ultrasound image on the company website for advertising or promotional purposes.
The database contains other files, such as medical reports, the detection of abnormalities, detections of problems with carotid arteries, aortic issues, etc, and in rare cases even more sensitive information, such as fetal demise.
Furthermore, the data contains internal information about the business and Rodriguez’s personal details. The MacKeeper team has discovered internal financial documentation, files on a child with special needs, and files containing tax returns with children's names and Social Security numbers.
Fortunately, the database doesn't contain any sensitive financial information, such as credit card information or patient SSN in the exposed files. But in some cases, credit card numbers were partially exposed.
More details about the leakage you can read on Databreaches.net.