Data Viper Helps Thwart A Huge Data Breach At Harvard Medical

Harvard University Medical School

Harvard Medical is one of the oldest medical schools in the United States and is currently ranked the number one school for medical research in the country. As a medical research institution, Harvard Medical has been behind a number of important medical and public health innovations, including the introduction of a smallpox vaccine, the very first use of anesthesia for pain control during surgery, the introduction of insulin to treat diabetes, the first human kidney transplant, and the first heart valve surgery.

As one of the world’s leading medical research institutions, Harvard Medical holds data and intellectual property that can be considered extremely valuable, especially in the face of nation-state hackers wishing to steal research for their own country’s advancement.

A Problem Hidden In Private Hacker Chatter

Night Lion’s threat intelligence team was monitoring the private conversations of a well-known hacking group when its members began discussing a number of compromises originating from Amazon AWS S3 buckets.

One of the actors specifically mentioned discovering AWS credentials belonging to Harvard Medical. After stealing AWS keys from a developer’s GitHub account, the hacker reached out to friends in his forum to brag about his findings and ask for assistance in decoding and stealing the “large amount of data”.

Had the data been stolen or leaked, it would have represented an enormous breach of confidential medical data and could have potentially destroyed specific programs.

The Solution

Night Lion contacted the cybersecurity team at Harvard Medical to inform them of the hacker’s activities and plans to exfiltrate their data from the compromised data buckets. The information provided to Harvard’s security team allowed them to identify and terminate the compromised AWS login credentials so that the hackers could be locked out before any data was accessed or exfiltrated.