Personal Information Of Rehab Patients Discovered Online
The medical industry continues to face an uphill battle in cybersecurity. Out of all industries, healthcare has had the most data breaches, affecting hundreds of millions of people. Regardless of if it is a hospital or an insurance company, data leak faux pas continues to happen.
This incident is no different as the personally identifiable information of over 145,000 patients at “Levittown Steps to Recovery” addiction facility and “Ohio Addiction Recovery” was exposed online. The ElasticSearch database was originally discovered by Justin Paine who is Cloud Flare’s Director of Safety .Paine found that the information was easily available through a Google search of the patient’s name, followed by Ohio.
The unsecured data breach is particularly unsettling due to how much personally identifiable information is given. In the original post, the author shows what a Google search with the database would show. Without even visiting the site, anyone can see Google’s generated preview of the page which includes name, city, and why they were admitted in the first place.
To make matters worse, the database was discovered on March 24, 2019. Paine reached out to them immediately and did not hear a reply. He followed up on his timeline and as of April 15, 2019, there was still no comment on whether or not patients were notified.
Why Data Breaches are Dangerous
Medical data breaches and exposed databases continue to pose significant security problems for all those involved. First, patients expect that information is kept private when they go to a hospital or sign up for insurance. However, recent events are showing it’s the opposite.
Hospital records along with University student records are big targets for hackers due to the amount of information that can be obtained. Medical records contain social security numbers and other personally identifiable information. This is a risk because hackers can use this information for identity theft.
Data breaches can cause a significant amount of damage to all industries and the people they serve. Fortunately, Secure Forensics can help stop a data breach and mitigate the risks. Our digital forensic experts can deploy to anywhere in the world within 24 hours to help stop a breach. For a free phone consultation, contact us at 1-800-288-1407.