Leaked data. Continuous glucose monitoring

A researcher discovered a publicly readable and writable AWS S3 bucket holding real-time glucose data from smart CGM devices in a likely closed-loop insulin dosing trial, creating a severe risk of data tampering that could trigger dangerous automated overdoses. After urgent outreach to the vendor’s CISO, access was promptly restricted, averting potential harm. The report underscores the risks of cloud misconfiguration in healthcare IoT, the need for robust security reviews, threat modeling, and accessible disclosure channels.