SECURITY WATCH, 04/05/2016
MacKeeper Security Research Center Discovers Medical Record Leak: 150,000+ Patient Names, Records Diagnoses and Treatment Available Online
Digital Medical Records are the future, but how safe is your private data?
Medical records contain all information relating to a patient's medical condition. In the old days, medical records were a paper folder stored at the doctor's office. The records were relatively safe and secure because they were locked away in a storage room and only a small number of people had access to them. Now anyone with an internet connection can potentially access the sensitive information of a massive number of Americans.
The MacKeeper Security Research Center experts have discovered open and unsecured databases belonging to the Electronic Medical Record management companies Carebox and HealthELT. The databases contain the private medical data of more than 150,000 patients and were neither encrypted nor password protected. US federal law prohibits publicly sharing medical records under HIPAA, which governs access to medical records and requires that information to be kept private.
HealthELT, according to its website, is a “Startup That Focuses On Medicaid Engagement, Logistics, And Technology Services”. To be fair, its database was secured and closed before we could contact the company about the leak.
Clayton Gulick, CTO of HealthELT, replied to the notification email:
“We discovered this last week and closed it down, it was just a misconfigured dev database with test data, no sensitive data was leaked. Thanks again for notifying us!!”
***The screenshot clearly shows Social Security numbers and other sensitive medical data.
Carebox’s website says “We believe that Carebox will accelerate an inevitable transformation in how patient clinical data is collected, organized, and used… and we think the potential implications of that are incredible for consumers, life sciences, providers, payers, and employers!”
At the time of publication, Carebox had not responded to the notification email, but its database is now secured.
For cost and convenience, medical professionals all agree that the future of medical records is Electronic Medical Records (EMRs). The benefit of EMRs is that they can be tracked and made available at a moment’s notice to any medical provider. However, this also makes Electronic Medical Records vulnerable to data leaks or to being exposed online if they are not properly secured and protected. This is yet another lesson in how important it is for any digital service provider to secure and encrypt the private data of its customers and users.
Medical Record Storage is a vital concern for Practices, Clinics, and Hospitals of every size. As the requirements for Medical Records Management continue to change, practices need to stay updated on the latest data security practices and be in full compliance with the latest Records Retention Requirements. The MacKeeper Security Research Center did not download the entire user database, but only took screenshots as proof of the data leak and immediately notified Carebox and HealthELT to ensure the data was secured.
Continue reading security news at MacKeeper Security Watch with Chris Vickery.
Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Research Center.