DNA Testing Company Vitagene Exposed Over 3,000 Patient Records Due to Misconfigured Database

• The AWS database was exposed on the internet for several years until it was secured on July 1, 2019.
• The compromised data included users’ full names, birth dates, genetic health information, and other medical conditions.

A misconfigured Amazon Web Services (AWS) database had left more than 3,000 client health reports exposed to the internet for several years. The exposed data belonged to a DNA-testing service vendor Vitagene Inc.

What data was exposed?

On July 1, Vitagene was notified that one of its AWS databases was leaking some of its consumer data, Bloomberg reported. The compromised data included users’ full names, birth dates, genetic health information, and other medical conditions.

Around 300 files in the database contained raw genetic DNA information, some of which had consumer’s name. Another 1,401 user files, which typical meant for access by employees, were stored with a less secure setting.

The leaky database also contained documents with users’ contact details like some email addresses. However, no credit card information, passwords, or other financial data was compromised in the incident.

What actions were taken?

Upon learning about the leak, Vitagene had shut down the access to the database on July 1. The firm said that the exposed files dated from when the company was in ‘beta’ testing and represented a small fraction of its customer base.

To boost its cybersecurity, Vitagene had updated its security protocols in 2018. It has also hired a third-party security expert team to run external and internal testing across its all application.