https://portswigger.net/daily-swig/california-public-office-admits-covid-19-healthcare-data-breach
Exploit: Misconfiguration
Kings County California Public Health Department: Local Government Agency Services
Risk to Business: 2.711= Moderate
Kings County, California announced that the security flaw in its public webserver made limited information on COVID-19 cases available on the internet. The misconfiguration has been chalked up to a negligent third-party contractor. Discovered in mid-November 2021, officials say that the flaw was in place starting on February 15, 2021, and was corrected on December 6, 2021.
Risk to Business: 2.701= Moderate
In a statement, the county said that names, dates of birth, addresses and COVID-related health information for county COVID-19 cases was among the data that was available to view. They’ve set up a dedicated call center to answer questions from the public.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Misconfiguration incidents due to employee or contractor negligence are just as expensive and damaging as cybercrime when regulators get finished with companies that have them.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.