Over 320K Medicare applications exposed, revealing patients’ health data

Last updated: 18 March 2025
Medicate applications leak
Image by Cybernews.

Insurance brokerage firm Oberlin Marketing has left an open bucket leaking hundreds of thousands of sensitive documents, including customer health condition status and financial info.

Even though healthcare data is among the most sensitive information about individuals, not all companies take its security seriously. For example, the Cybernews research team discovered an unprotected AWS S3 bucket with a treasure trove of extremely sensitive user data.

The exposed bucket, owned by a US-based Oberlin Marketing, contains over 320,000 sensitive documents containing data ranging from names and home addresses to mortgage details.

ADVERTISEMENT

Alarmingly, despite multiple attempts to notify the company about the issue, the bucket remains exposed, spilling sensitive customer data online. We have reached out to Oberlin Marketing for comment and will update the article once we receive a reply.

“If data like personal information or health records were exposed, Medicare beneficiaries, often older and potentially more vulnerable to scams, could be at a higher risk for fraud, identity theft, and other cyber threats.”

What data did Oberlin Marketing leak?

According to the team, the leaked documents are mostly Medicare applications, which means that most of the details users need to include were inadvertently made public. Leaked info includes:

  • Names
  • Home addresses
  • Dates of birth
  • Genders
  • Phone numbers
  • Signatures
  • Health information
  • Financial details

The application includes health data encompassing customer responses to questions regarding health conditions, including heart disease, stroke, cancer, high blood pressure, cholesterol, and diabetes. Meanwhile, financial information includes loan amounts, lender data, co-borrower data, and mortgage details.

“If data like personal information or health records were exposed, Medicare beneficiaries, often older and potentially more vulnerable to scams, could be at a higher risk for fraud, identity theft, and other cyber threats,” our researchers said.

Why are Oberlin Marketing’s customers in danger?

ADVERTISEMENT

Exposing data customers provide on Medicare applications creates numerous risks for the individuals involved. For one, attackers can exploit leaked data for identity theft as access to personal identifiers enables malicious actors to open fraudulent bank accounts, apply for loans, or engage in other illegal activities using stolen identities.

“Cybercriminals may exploit this information to access financial services or conduct unauthorized transactions, which could cause significant financial and reputational damage to victims. For Medicare clients, who may be elderly, such fraud could have particularly severe long-term consequences,” the team explained.

Moreover, cybercrooks could utilize leaked details for targeted phishing and social engineering attacks. Exposed personal details enable attackers to send fake emails, texts, or calls posing as legitimate entities to deceive individuals into revealing further sensitive information, like login credentials, or to download malware.

Gintaras Radauskas Niamh Ancell BW Ernestas Naprys jurgita
Stay informed and get our latest stories on Google News
Google News Follow us

Equipped with personal and health information, attackers could craft highly convincing messages that reference specific details, such as health conditions or loan amounts. Such targeted messages can be particularly effective, as they appear tailored and legitimate, increasing the likelihood of successful phishing attacks.

The team believes leaked details would also allow attackers to peddle fraudulent schemes to unsuspecting victims. For example, scammers could promote fake Medicare-related services or “mortgage assistance” schemes. Victims may be persuaded to pay fees or disclose additional personal information, believing they are accessing legitimate services.

“Leaking phone numbers and addresses increases the likelihood of victims receiving unwanted calls, messages, or emails from marketers, scammers, or even stalkers. This can lead to harassment, privacy invasions, and further attempts at fraud,” researchers said.

To prevent similar data leaks, our team advises to:

  • Change the access controls to restrict public access and secure the bucket. Update permissions to ensure that only authorized users or services have the necessary access.
  • Retrospective monitoring of access logs to assess whether the bucket has been accessed by unauthorized actors.
  • Enable server-side encryption to protect data at rest.
  • Use AWS Key Management Service (KMS) for managing encryption keys securely.
ADVERTISEMENT
  • Leak discovered: October 20th, 2025
  • Initial disclosure: January 28th, 2025
  • CERT contacted: February 18th, 2025
Share
Post
Share
Share
Share
More from Cybernews
This week in AI: OpenAI’s o3, Anthropic’s agentic Research, and a few updates from Chinese vendors
Critical security flaw affects Asus AiCloud routers, urgent update required
Roblox allegedly made over $120K ripping off viral Charlie XCX “Apple Dance” creator
Critics call Florida bill aiming to protect minors a threat to encryption
Ethereum phishing scam victims warned in Operation Avalanche
“Vote for me” scam turns into chain reaction of stolen Facebook, X accounts
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked