Almost 2.6 million medical records were leaked online by an artificial intelligence company in July, a security expert has claimed. This is just one of many data breaches in the last few years that collectively highlight the major privacy concern felt by many when using online services. Although as this pertains to medical information, it comes with an additional level of concern.
Back in March, a data breach exposed the personal information of 200 million Americans. In that case researchers reportedly found roughly 800 gigabytes of detailed information had appeared on a publicly accessible Google Cloud server. Though, the files were deleted quickly, it was yet another example of the scale and scope of such instances. Furthermore, that was just one incident with many others having been reported before and afterwards.
As for this new breach, security consultant Jeremiah Fowler wrote in an opinion piece for Secure Thoughts where it was explained, how on July 7 medical records had made their way online. According to the information, the records included names, addresses, dates of birth, auto accident insurance claims, and medical information and notes. In addition, the data was also said to contain internal records which could potentially be vulnerable to a ransomware attack
Fowler explained how several references to an artificial intelligence company, Cense were found, suggesting a link to the issue. The company uses machine learning technology to provide end-to-end business process management and offers its services to the healthcare, education and e-commerce industries. Listed as staging data, the records were reportedly stored at the same IP address as Cense's public website and were accessible by any browser. While Fowler couldn't state how long the data was openly accessible for, shortly after alerting Cense of the discovery, access to the staging portal was restricted.
This revelation raises significant privacy concerns regarding the safety and security of medical data, considering Fowler found 2,594,261 records in total. Before Cense restricted access to the site, anyone could have viewed, downloaded, edited, or even deleted the data. Furthermore, as Fowler points out, the exposure of such data potentially violates the Health Insurance Portability and Accountability Act, which could lead to fines of up to $25,000 per violation. Under New York's Information Security Breach and Notification Act, residents have the right to know when a breach exposes their private information. While it is unclear if this incident did lead to any violations of the act, it is still a cause for concern. Adding to the list of concerns, Fowler also highlighted that data as sensitive as medical information is often of major value to those who buy and sell on the dark web.
Source: Secure Thoughts
from ScreenRant - Feed https://ift.tt/2Fu0v3I
No comments: