CrelioHealth For Diagnostics

Responsible Disclosure: Addressing a Compromised Log Server

In the world of digital data, security challenges can emerge even for the most vigilant organizations. On August 29th, an incident unfolded in our infrastructure involving a compromised log server. In this blog post, we aim to openly share the details of this occurrence and our response.

Compromised Log Server Isolated to One Region and One Log Service

The situation arose on August 29th when our Elasticsearch log cluster, serving a specific region and log service, experienced unauthorized access due to an accidental assignment of a public IP address. Importantly, this exposure was confined solely to this one region and one particular log service within our multi-regional infrastructure. We maintain six distinct regions, and it’s worth noting that this incident did not impact the other five regions, where traffic levels are consistently higher than in the affected region.

Nature of the Compromise

It’s essential to clarify that only log data from this single region and log service was affected by this compromise. Fortunately, our regular data management procedures include the rotation of log data every two days, which limited the amount of data exposed. Nevertheless, we discovered that some of this log data contained Personally Identifiable Information (PII), which heightened our concern.

Minimal Impact on Transactions

We are relieved to report that, despite the situation, our transactional data remained entirely unaffected and secure. This means that customer transactions and sensitive financial and medical information remained completely insulated from this incident.

Prompt Notification and Collaboration

Upon detecting the issue on August 29th, we took swift and decisive action. Identifying the single affected customer, we promptly notified them. Additionally, we initiated a close collaboration with the customer’s network audit team, ensuring a comprehensive investigation of the situation.

Internal Process Enhancements

We take data privacy and security seriously, and this incident serves as an invaluable learning experience. As a result, we have taken steps to enhance the rigor of our internal processes and improve our ability to detect and prevent such situations in the future. Our objective is to ensure that incidents like this can be averted at the earliest possible stage.

Exploring External Audit Opportunities

In tandem with our internal improvements, we have actively planned to conduct an external audit. Such an audit would help us identify any potential gaps in our security measures that may have gone unnoticed. Our unwavering commitment to data security drives us to continuously seek ways to enhance our processes.

Data Privacy Remains Our Foremost Priority

At our core, CrelioHealth prioritises the security and privacy of the data entrusted to us. This incident has reinforced our dedication to safeguarding data and reminds us of the ever-evolving nature of security challenges. We want our customers to be confident that we are resolute in our commitment to ensuring their data remains secure. To uphold this promise, we will continue to invest in both internal and external measures.
