{"id":8592,"date":"2018-08-05T17:15:44","date_gmt":"2018-08-05T17:15:44","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/"},"modified":"2018-08-05T17:15:44","modified_gmt":"2018-08-05T17:15:44","slug":"web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/","title":{"rendered":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records"},"content":{"rendered":"<p><strong class=\"trailer\">Exclusive<\/strong> Online medical consultation service iCliniq left thousands of medical documents in a publicly accessible Amazon Web Services S3 bucket.<\/p>\n<p>iCliniq locked down the online silo earlier this week only after the slip-up was brought to its attention by German security researcher Matthias Gliwka. He approached <em>El Reg<\/em> after failing to get any response to notification emails he sent to the firm.<\/p>\n<p>The global health startup, which is based in India, allows users to privately ask medical questions, to which they can attach their medical records, and have the queries answered by doctors. However, iCliniq stored these private medical documents in a <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2017\/11\/07\/amazon_aws_s3_alert\/\">misconfigured<\/a> wide-open AWS S3 bucket that could have been potentially pored over by anyone.<\/p>\n<p>This cloud storage box, according to Gliwka, contained about 20,000 medical documents, such as information on blood screens and HIV tests.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2018\/04\/13\/shutterstock_popcorn_bucket_spill.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Woman accidentally kicks over bucket of popcorn in cinema\"\/><\/p>\n<h2 title=\"S3 spillage spoils included driving licences and passports\">From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people&#8217;s data<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/04\/13\/thai_mobile_operator_data_breach\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Gliwka was able to establish a link between the <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.icliniq.com\/\">icliniq.com<\/a> website and the S3 bucket. Test files he uploaded through the website appeared in the same cloud-based system.<\/p>\n<p>The German researcher also found a second problem. He said iCliniq had failed to check for permissions in its web app so every user was able to see every question asked by other members \u2013 simply by guessing the ID number of the question. Technically, this is known as an IDOR (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.owasp.org\/index.php\/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet\">Insecure Direct Object Reference<\/a>) vulnerability.<\/p>\n<p><em>El Reg<\/em> ran Gliwka&#8217;s findings past UK security researcher Scott Helme, who quickly confirmed iCliniq had a serious cockup to resolve. &#8220;They need to get this locked down ASAP,&#8221; Helme told us. &#8220;The bucket should be easier to fix than the IDOR&#8230; but both need work.&#8221;<\/p>\n<p>Armed with this confirmation, <em>El Reg<\/em> joined Gliwka in chasing up iCliniq. This wasn&#8217;t easy, and as soon as we escalated the issue to iCliniq&#8217;s chief exec Dhruv Suyamprakasam, both problems were promptly resolved.<\/p>\n<p>Siddharth Parthiban, iCliniq&#8217;s data protection officer, apologised to Gliwka for the organisation&#8217;s failure to respond to a vulnerability notification. An internal investigation revealed that medical files of patients of two regions of India, the states of Tamil Nadu and Punjab, that were meant to be open only to lab-testing partners were actually publicly accessible.<\/p>\n<p>&#8220;The S3 folder taken for these regions in India must have been moved [from] private,&#8221; Parthiban explained in an email. Challenged on this point, the data protection officer reiterated that only Indian data was exposed to the public. &#8220;I confirm that ONLY files of the two states in India (Tamil Nadu and Punjab) were public. Files of other regions\/countries\/continents were\/are NOT public,&#8221; Parthiban told <em>El Reg<\/em>.<\/p>\n<p>Once it had confirmed the issue, iCliniq treated the problem as a critical priority, and promptly restricted access to confidential medical data. iCliniq promised it would contact the particular patient whose data Gliwka cited as an example. It didn&#8217;t offer any commitment to other people whose data was kept in the same previously insecure S3 bucket.<\/p>\n<p>Gliwka confirmed that when he tried to access the confidential repository on Wednesday, access was denied.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/07\/12\/shutterstock_holes_in_bucket.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Leaking bucket\"\/><\/p>\n<h2 title=\"Hundreds of thousands of voter records and contact info spilled\">Who&#8217;s leaving Amazon S3 buckets open online now? Cybercrooks, US election autodialers<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/07\/18\/kromtech_open_buckets\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>&#8220;The Amazon S3 bucket no longer publicly lists its contents and the direct links to documents I have the link to are no longer accessible,&#8221; Gliwka told <em>El Reg<\/em>. &#8220;The IDOR vulnerability, which allowed to see the private questions of other users, is also fixed.&#8221;<\/p>\n<p>Gliwka remains dissatisfied with iCliniq&#8217;s response. He&#8217;s not convinced that the issue was geographically contained to India, and challenged iCliniq on this point.<\/p>\n<p><em>The Register<\/em> notes that test documents uploaded by both researchers \u2013 Gliwka in Germany, and Scott Helme in the UK \u2013 ended up in the same publicly accessible AWS S3 bucket before the firm made the fix. &#8220;Your file is definitely accessible by you alone,&#8221; iCliniq told Gliwka when he raised this point.<\/p>\n<h3 class=\"crosshead\"><span>Breach alert<\/span><\/h3>\n<p>The startup should notify everyone whose details were potentially exposed by the security blunder \u2013 not just the handful of files Gliwka and Helme accessed in verifying the problem, and not solely the patient whose file was emailed around by way of example. Ostensibly, even the names of files stored in the repository exposed sensitive information.<\/p>\n<p>&#8220;While I believe that you&#8217;ve tried to protect those files by setting appropriate ACLs [Access Control Lists], I still had access to other files, even some files regarding data subjects outside of India,&#8221; Gliwka told iCliniq in an email shared with <em>The Register<\/em>. &#8220;The file listing did indeed contain sensitive information. Some file names contain the name of a patient combined with the name of a medical test\/diagnosis\/procedure, i.e. john-doe-hiv-test.pdf, john-doe-cancer.pdf&#8230; just with a real name.&#8221;<\/p>\n<p>The startup said the files were pseudonymous, and did not constitute personally identifiable information.<\/p>\n<p>Gliwka told us: &#8220;The system uses the filename provided during the upload and saves it verbatim after prefixing the file id, user id, question id and a random looking value.&#8221;<\/p>\n<h3 class=\"crosshead\"><span>Leaky buckets<\/span><\/h3>\n<p>Instances of sensitive data being publicly viewable in Amazon-hosted cloud storage are far from rare. For instance, thousands of files containing the personal information of US citizens with classified security clearances were <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2017\/09\/04\/us_security_clearance_aws_breach\/\">exposed<\/a> last year.<\/p>\n<p>There has since been a steady stream of such cockups, which shows little sign of letting up. That&#8217;s bad enough, but at the same time it is getting easier for interested parties to locate unsecured S3 buckets thanks to automated scripts, as <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2017\/12\/05\/unsecured_s3_bucket_discovery_tools\/\">previously reported<\/a>.<\/p>\n<p>Gliwka came across iCliniq&#8217;s bucket in the process of developing a tool to discover leaks sensitive in nature, something he described as a side project. &#8220;During the research on how to approach this problem I came across a multitude of buckets with sensitive information,&#8221; he said. &#8220;Most companies took them down rather quick[ly].&#8221;<\/p>\n<p>The UK&#8217;s Information Commissioner&#8217;s Office has been informed of the medical data fumble. \u00ae<\/p>\n<p><em>Have you spotted a leaky S3 bucket? <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/Author\/Email\/John-Leyden\">Let us know<\/a>, and we&#8217;ll even help plug the holes.<\/em><\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1787\/-6625\/following-bottomlines-journey-to-the-hybrid-cloud?td=wptl1787\">Following Bottomline\u2019s journey to the Hybrid Cloud<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/08\/03\/icliniq_cloud_breach\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even the file names exposed sensitive info, claim researchers Exclusive\u00a0 Online medical consultation service iCliniq left thousands of medical documents in a publicly accessible Amazon Web Services S3 bucket.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":8593,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-8592","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-05T17:15:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records\",\"datePublished\":\"2018-08-05T17:15:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/\"},\"wordCount\":1033,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/08\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/\",\"name\":\"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/08\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg\",\"datePublished\":\"2018-08-05T17:15:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/08\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/08\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/","og_locale":"en_US","og_type":"article","og_title":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-08-05T17:15:44+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records","datePublished":"2018-08-05T17:15:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/"},"wordCount":1033,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/","url":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/","name":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg","datePublished":"2018-08-05T17:15:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/web-doc-icliniq-plugs-leaky-s3-bucket-stuffed-full-of-medical-records\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/8592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=8592"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/8592\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/8593"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=8592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=8592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=8592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}