Leaky Database at Third Party Medical Service Provider
Who: MediTab Software, Inc.
When: 19 Mar 2019
# of records involved: Possibly up to 6 Million
What happened: Meditab Software Inc. and MedPharm Services have suffered a massive breach of protected health information.
How did it happen: Meditab also provides a fax processing service and one of the servers used for processing faxes has been discovered to be leaking data and could be accessed over the internet without the need for any authentication. The fax server was hosted on a subdomain of MedPharm Services and housed an Elastisearch database containing fax communications. Those faxes could be accessed in real time. The database was created in March 2018 and housed more than 6 million records. It is currently unclear how many of those records contained protected health information.
Outcome: After being alerted to the breach, the fax server was taken offline, and an investigation was launched to identify the cause of the breach. Database logs are currently being assessed to determine the extent of the breach, which patients have been affected, and whether the database was accessed by unauthorized individuals or downloaded. It is unclear for how long the server was left unprotected and how many patients have been affected by the breach. Considering the number of records in the database, this breach has the potential to be one of the largest ever healthcare data breaches in the United States.