Patient Health Records Exposed
The fun never ends in the cybersecurity world. Kromtech Security researchers recently disclosed the existence of yet another insecure AWS server. This time, the server stored the most sensitive of all data – patient health records.
On Sept. 29th, Kromtech discovered a new insecure server owned by Patient Home Monitoring Corp. (PHMC). PHMC accidentally changed the server's configuration settings from the default, “Private”, to “Public”. The result? Public exposure of 316,363 separate PDFs (41.5 GB) containing extremely sensitive patient records. The files included doctors’ notes, lab results, names, and personal contact info. Since PHMC provides at-home blood tests, almost all the data PHMC has on a patient was exposed in this breach. All told, the researchers believe that these PDFs expose the health data of up to 150,000 Americans. Kromtech notified PHMC of what they found on Oct 5th, and the company fixed the issue the next day.
Secure Compliance Solutions LLC (SCS) provides a wide range of CISO advisory consulting and Managed Security Services that help our clients build and strengthen their strategic Information Security and Data Privacy programs. SCS believes that a comprehensive implementation of industry-tested frameworks and standards not only helps organizations meet their compliance goals, but significantly strengthens overall security posture. We raise awareness of current security trends and risks to prepare personnel to recognize potential security issues. Our Managed Security Service is designed so clients can offload the responsibility of “constant watch” against both internal and external cyber threats and attacks. SCS helps our customers wade through complex and evolving cybersecurity regulations, and defends their business interests against increasingly sophisticated cyber threats. At SCS, we champion a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities. Contact us to learn more.