Unsecured Fax Server Exposes a Trove of Medical Data

A health tech company left thousands of doctors’ notes, medical records, and prescriptions exposed due to a security lapse. According to a security company that discovered the data, the fax server had no password. Meaning anyone could read the content of the transmitted faxes in real-time. It’s not immediately known if anyone else discovered the exposed server, or how long the data was exposed.

Unsecured Fax Server Exposes a Trove of Medical Data

The software company, California-based Meditab, considers itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. Although it’s a primary method for sharing patient files to other providers and pharmacies, one of the company’s responsibilities is processing electronic faxes for healthcare providers.

Unfortunately, a fax server wasn’t properly secured. And a Dubai-based cybersecurity company, SpiderSilk was quick to point out the defect. The unsecured fax server was running an Elasticsearch database with over six million records since its creation in March 2018.

What Did the Data Contain?

The faxes exposed included a host of personal and health information. They contained medical records, doctors’ notes, prescriptions, illness information like blood test results. Personal information like names, addresses, dates of birth, Social Security numbers, health insurance information, and payment data was also part of the content. The faxes also comprised personal data and health information on children. None of the data was encrypted.

Founders’ Response

Kalpesh Patel, founder of MedPharm Services and Meditab said: “the company was looking into the issue to identify the problem and solution.” Angel Marrero, the company’s general counsel wrote in an email: “We are still reviewing our logs and records to access the scope of any potential exposure.” 

When asked if the company planned to inform regulators and customers, Marrero replied by saying: “The company will comply with any and all required notifications under current federal and state laws and regulations, as applicable.”

Security Measures

Meditab and MedPharm claim to be compliant with HIPAA, the Health Insurance Portability and Accountability Act. This organization controls how healthcare providers properly manage patient data security. It’s worth noting that companies that expose data or violate the law can be subject to hefty fines.

Other Breaches

This is not the first time this kind of breach has happened. Similar cases like the Airbus breach, the Monster Data breach, and Apple’s iCloud mishap have made online security a huge concern. Two years ago, Yahoo went through 2 separate attacks that affected almost all of its user base. This resulted in Yahoo in paying a $50 million settlement.

Lаst yeаr marked a yeаr of “reсord” fines a total of $25 million for severаl exposures and breасhes. This inсludes $4.3 million in fines to the University of Texаs for аn inаdvertent disсlosure of enсrypted personаl heаlth dаtа and a settlement by Fresenius wаs for $3.5 million following five sepаrаte breасhes.

What Are Security Breaches?

A security breach is just like a break-in. If an intruder gets a hold of your documents and personal information and steals it, that’s considered a data breach. Security breaches happen a lot, it might not happen with you, but it is very common in large and small organizations. A security breach can soil a company’s reputation and finances.

Such breaches happen when an intruder gains unauthorized access to a company’s protected systems and data. Cyber criminals or malicious applications bypass security mechanisms to reach restricted areas. A security breach is an early-stage violation that can cause system damage and data loss.

Unsecured Fax Server Exposes a Trove of Medical Data – Final Words

Data breaches on a huge scale seem to constantly be in the news. The type of breaches differ according to the case at hand, but it’s no secret that companies and firms who endure breaches by hackers suffer serious consequences. So, we advise you to take precautionary measures to ensure that nothing like that happens to you. There are several ways in which you can safeguard your device and the entire office network.

When it comes to information security, there are no guarantees. Even the most security-conscious organization, company, or firm might be at risk to face cyber attacks, security breaches, and hacks. By following our Internet security tips to staying safe online, you can greatly enhance your organization’s odds of fending off hackers who are after its confidential information.