Medical Data Exposed As 150,000 Patients' Sensitive Records Were Left Unsecured: Report

NEW YORK, NY — Sensitive medical information for about 150,000 patients was exposed in an unsecured online data storage account for the company Patient Home Monitoring, Kromtech Security Center reported Tuesday. While it's unclear whether the data was accessed for any illicit purposes, federal law requires medical companies to protect sensitive information and notify patients of any breaches.

Patient Home Monitoring coordinates care for patients who receive treatment in their own houses. It did not respond to a request for comment on this story.

"This is yet another wake-up call for companies who try to bridge the gap between healthcare and technology to make sure cyber security is also a part of their business model," Alex Kernishniuk, vice president of strategic alliances at Kromtech, a data security firm, said in a statement. (For more national stories, subscribe to the Across America Patch to receive daily newsletters and breaking news alerts.)

Researchers at Kromtech discovered the unsecured information in an Amazon S3 bucket, which companies frequently use to store data. Kromtech notified the company PHM shortly after discovering the security concerns earlier this month, and the problem has since been fixed. However, PHM has not confirmed to Kromtech that it received the data security company's report.

Data in the bucket contained patient names, doctor names, dates, as well as "weekly blood test results, containing patients names, addresses, phone numbers, and test results," Kromtech said. It also had doctor notes and additional patient information.

"This Amazon repository was misconfigured to be [publicly] available and anyone with an internet connection could access these confidential medical records," said Kernishniuk. "Even the most basic security measures would have prevented this data breach. Unfortunately, there are many more databases and cloud storage repositories waiting to be discovered and the Kromtech Security Center is committed to helping to secure and protect data online."

Photo credit: DarkoStojanovic / Pixabay