Security researchers discovered an unprotected Amazon S3 bucket containing over 3 terabytes of sensitive patient records, imaging files, and internal communications belonging to a large regional healthcare provider.
The bucket lacked basic authentication and was completely accessible to anyone possessing the URL. Analysts attribute the breach to a flawed Infrastructure-as-Code (IaC) push that inadvertently modified the bucket's Access Control List (ACL) to "Public-Read".
The provider was notified and secured the bucket within 4 hours, though logs indicate scraping tools had already accessed the data.
