More than 47GB worth of sensitive medical records belonging to an estimated 150,000 Americans were inadvertently left exposed on an unsecured Amazon server, according to security researchers.
The exposed documents were connected to healthcare firm Patient Home Monitoring (PHM), which provides in-home monitoring and disease management services for patients in the US. The files were left exposed in a publicly accessible Amazon S3 repository and contained sensitive medical data including patients’ names, addresses, phone numbers, diagnoses and test results. In some cases, records also detailed patients’ dates of birth and information on the physicians overseeing them.
Commenting on this, Christopher Littlejohns, EMEA manager at Synopsys, said: “Cloud-based solutions are becoming increasingly popular and attractive to businesses – and rightly so. They have a growing reputation for enhanced security which is sometimes better than internal solutions. Couple this with the well-known cost benefits and we have attractive solutions. The problems occur when the built-in security-enhancing capabilities are not used correctly; in this case proper authentication to grant access to sensitive data and lack of encryption. This is a common theme for such sensitive data leaks which often have their root causes in ineffective processes, poor coding practices and human error. They all amount to the same thing: you are only as secure as your weakest link.”