Data Breach at Home Monitoring Company Exposes 150K Patients’ Files | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Data Breach at Home Monitoring Company Exposes 150K Patients’ Files

October 11, 2017
by Rajiv Leventhal
| Reprints

Security researchers have uncovered a data breach linked to a healthcare services company, Patient Home Monitoring Corporation (PHM), in which patient files of some 150,000 Americans were exposed.

According to one report in Gizmodo, lab test results and other patient files, discovered by researchers at the Kromtech Security Center, had been stored on an unsecured Amazon S3 bucket. “According to Kromtech, the files were publicly accessible and unprotected by a password. A cursory examination of the contents revealed a wide range of sensitive details about patients whose names, addresses, phone numbers, diagnoses, and test results were exposed,” the report stated.

The report noted that the files were linked to Patient Home Monitoring Corporation, a Lafayette, La.-based company that provides U.S. patients with in-home monitoring and disease management services. The data breach contained about 47.5 GB-worth of data composed of roughly 316,000 PDF files.

On Oct. 5, PHM was alerted that sensitive medical records belonging to the company had been exposed. Following notification, the bucket was secured on the same day. PHM did not, however, respond to Kromtech’s inquiries, per the Gizmodo report.

Providing some additional information, MacKeeper Security Research Center reported that the breach “contained medical data in 316,363 PDF reports in the form of weekly blood test results. Many of these were multiple reports on individual patients. It appears that each patient had weekly test results totaling around 20 files each.”

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Great Lakes Health Connect Implementing Alerts for Social Determinants of Health

Great Lakes Health Connect (GLHC), Michigan’s health information exchange (HIE), is partnering with health IT solutions company Holon Solutions to enable alerts that address patients’ physical, mental and social determinants of health.

Ohio Man Charged for Allegedly Defrauding Cleveland Clinic out of $2.8M

A man in Westlake, Ohio has been indicted in federal court for his role in a conspiracy to defraud the Cleveland Clinic out of at least $2.8 million.

Survey: Most Providers Say Interoperability by 2020 Not Attainable with Current Federal Policies

The majority of healthcare providers (71 percent) believe that current federal polices, committees and regulations are not sufficient to help the country attain meaningful health IT interoperability by 2020.

House Committee Presses Nuance Executives on NotPetya Attack

he U.S. House Energy and Commerce Committee is requesting that Nuance Communications executives provide more information about the malware incident, called NotPetya, that impacted the company, along with multinational companies in 65 countries, back in June.

Regenstrief Researchers to Study Impact of HIE on Emergency Care

Scientists at the Indianapolis-based Regenstrief Institute are conducting what they say is the first study of health information exchange (HIE) use over multiple years to evaluate whether it improves patient outcomes in emergency departments.

Report: Healthcare Organizations Struggle with Human Error in Securing PHI

In the first nine months of 2017, unintended disclosure accounted for 41 percent of healthcare data breach incidents, according to a report from specialist insurer Beazley.