Cyber Security

Healthcare data breach fears raised as US orthopedic clinic admits leaving patient records on insecure server

A US orthopedic practice has admitted that patient healthcare information was inadvertently left on a server that anyone with an internet connection could access.

In a data breach notice, Mendelson Kornblum Orthopedic and Spine Specialists admitted that patient names, medical record numbers, dates of birth, gender, and medical image metadata were potentially exposed as a result of the data privacy lapse.

“The potentially viewable information did not include any medical images themselves, other diagnosis or treatment information, health insurance information, Social Security numbers, credit or debit card numbers, or financial account information,” the clinic stated in its notice.

Public-facing server

The issue was uncovered on January 5, and the clinic has since taken steps to bolster its security.

It’s unclear how long the problem existed before it was uncovered, much less whether anyone actually viewed the sensitive and confidential information on show.

The medical practice “identified and closed the vulnerability on the applicable server and reviewed and enhanced its existing security procedures to try to prevent similar incidents in the future” as well as notifying US regulators about the incident.

“Based on the findings of its investigation, the practice has no evidence of any misuse of any patient health information,” Mendelson Kornblum Orthopedic said, adding that it nonetheless advised its patients to remain vigilant and monitor their account statements and credit reports for any suspicious activity.

The Daily Swig asked Mendelson Kornblum Orthopedic how many patient records were potentially exposed by the incident.

No word back as yet from the clinic, but an entry on the US Department of Health and Human Services Office for Civil Rights breach report portal suggests that just under 29,900 patient records were caught up in the incident.

Source: https://portswigger.net/daily-swig/healthcare-data-breach-fears-raised-as-us-orthopedic-clinic-admits-leaving-patient-records-on-insecure-server
