CLOUD
CLOUD
CLOUD
Medical software provider Medevolve exposes 200,000 patient records online
A failure to protect online data has resulted in the exposure of approximately 200,000 protected health information records from Arkansas-based practice cloud management software provider Medevole LLC.
The data breach involved Medevole leaving a backup database of customer data from Premier Immediate Medical Care LLC, a healthcare provider with outlets in Pennsylvania and Delaware, on an FTP server without password protection — or as Medevole described it, the file was “inadvertently accessible to the internet.”
A subsequent investigation by the company found that a file had been “subject to unauthorized access on March 29, 2018” and that the information within the file was subsequently posted online. But it doesn’t say whether the data had been stolen for nefarious purposes. The reference could possibly refer to a report from Databreaches.net May 16, which not only detailed the data exposure but also included a screenshot of information contained within the exposed database.
The data exposed included patient names, billing address, telephone number, the identification of patient’s primary health insurer and the Social Security numbers for some of the individuals. But it didn’t include any clinical information such as treatment or diagnosis or any financial information such as methods of payment.
MedEvolve said that it has shut down access to the file and hired a third-party forensic investigator to conduct an exhaustive investigation of this matter. It’s also working to implement additional safeguards and security measures to enhance the privacy and security of information in its systems.
Scott Schneider, chief revenue officer at CyberGRX Inc., told SiliconANGLE that healthcare providers need to understand that the growing reliance upon and interconnectivity with third parties, while critical to run their practices, poses significant risk.
“Patients trust their healthcare providers with incredibly personal and sensitive data, and a breach of data is also a breach of that trust,” Schneider said. “The information security posture of third parties, including all solution providers, must be measured, monitored and viewed as part of their extended ecosystem of responsibility.”
Image: Medevole
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
