
Almond Doctor Responds to Alleged Theft of 350,000 Physician Records: Incident Confirmed, Insider Involved, but No Data Breach Occurred

May 17, 2017 14:25 CST Updated 14:25



On May 17, media outlets widely covered an article titled “Insider + Hacker + Xingren Leak Data of 350,000 Doctors.” It is reported that two loan intermediaries in Guangdong Province colluded with an insider to steal 352,962 records from the mobile physician work platform “Xingren Doctor.” The individuals involved have either surrendered to authorities or been arrested.

 

Almond Doctor promptly contacted VCBeat and issued an official statement regarding the incident: The incident is confirmed to be true. However, no data was leaked. Xingren has an automatic alarm system that immediately detected the data anomaly and triggered an alert. The police promptly apprehended the perpetrators and seized their servers, thereby intercepting the data. An examination of the server monitoring logs revealed no evidence of data leakage, such as forwarding, downloading, or backing up. Nevertheless, Xingren Doctor acknowledged that one of the individuals involved was a former employee.

 

The spokesperson provided VCBeat with a detailed account of the entire incident: In late September last year, Wu, a Guangzhou-based consultant for Xingren Doctor, colluded with an external individual, Lu, in an attempt to scrape information on physician users. Since the Xingren Doctor backend management system only supports login via WeChat QR code scanning, the external party sent screenshots of the QR codes to Wu, who then scanned them to assist Lu in logging into the system. After logging in, Lu was restricted to querying data using his own mobile device and could only access information on physicians under Wu’s management.

 

To scrape more data, Wu enlisted a technician named Wen to illegally download a small portion of physician data. During the National Day holiday, Wen made multiple attempts to download the data but failed using his home computer. He subsequently switched to an Alibaba Cloud server, which enabled large-scale data downloading. However, since Xingren Doctor had implemented certain obfuscation measures on physician data, much of the downloaded data was invalid. Furthermore, due to numerous intermediate attempts, there was significant duplication; consequently, the actual volume of successfully acquired data was not substantial.

 

“We detected abnormal activity associated with Mr. Wu’s account in the logs at the earliest opportunity and immediately suspended the account’s access privileges. Meanwhile, the manager in Guangzhou confronted Mr. Wu, who admitted to compromising his account credentials. We promptly reported the incident to the police, and with their assistance, Alibaba Cloud froze the server. Consequently, no data was leaked. The Guangzhou police also responded effectively, swiftly apprehending the suspects, Mr. Lu and Mr. Wen.”

 

It is reported that Xingren Doctor imposes strict restrictions on permissions in its management backend, preventing users from viewing unauthorized information or performing unauthorized operations. All activities in the management backend are subject to rigorous auditing, with detailed records maintained for every action.

 

The spokesperson revealed that, in the aftermath of the incident, Xingren Doctor implemented stricter security measures and strengthened internal management as well as legal awareness training for staff to prevent such incidents from recurring.