UPDATED 22:24 EDT / JULY 12 2018

CLOUD

Medical software provider Medevolve exposes 200,000 patient records online

A failure to protect online data has resulted in the exposure of approximately 200,000 protected health information records from Arkansas-based practice cloud management software provider Medevole LLC.

The data breach involved Medevole leaving a backup database of customer data from Premier Immediate Medical Care LLC, a healthcare provider with outlets in Pennsylvania and Delaware, on an FTP server without password protection — or as Medevole described it, the file was “inadvertently accessible to the internet.”

A subsequent investigation by the company found that a file had been “subject to unauthorized access on March 29, 2018” and that the information within the file was subsequently posted online. But it doesn’t say whether the data had been stolen for nefarious purposes. The reference could possibly refer to a report from Databreaches.net May 16, which not only detailed the data exposure but also included a screenshot of information contained within the exposed database.

The data exposed included patient names, billing address, telephone number, the identification of patient’s primary health insurer and the Social Security numbers for some of the individuals. But it didn’t include any clinical information such as treatment or diagnosis or any financial information such as methods of payment.

MedEvolve said that it has shut down access to the file and hired a third-party forensic investigator to conduct an exhaustive investigation of this matter. It’s also working to implement additional safeguards and security measures to enhance the privacy and security of information in its systems.

Scott Schneider, chief revenue officer at CyberGRX Inc., told SiliconANGLE that healthcare providers need to understand that the growing reliance upon and interconnectivity with third parties, while critical to run their practices, poses significant risk.

“Patients trust their healthcare providers with incredibly personal and sensitive data, and a breach of data is also a breach of that trust,” Schneider said. “The information security posture of third parties, including all solution providers, must be measured, monitored and viewed as part of their extended ecosystem of responsibility.”

Image: Medevole

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU