Here we go again and this time it’s not a hospital or a doctor’s office but rather a legal service that represents doctors and patients receiving worker’s compensation,so all their records were supposed to be secure for appropriate parties to access, but they were not.  A researcher from Identity Theft discovered imagethe breach and said there were 2 basic techniques that could have been used to protect the data.

Somebody in the IT or IS department I might say is looking for a new job or a new contract might be in order if not done in house.  Everything was there, social security numbers, insurance forms and doctors notes.  The researcher stated that anybody with half a brain and access to Google could find the information as he came across it on an internet search.  The company has since put a password on the files to disallow further access and that makes you wonder, not even a password was on the website?  Certainly there may have been a couple of levels to secure as there are in many medical record areas but one obviously was not addressed.  One man had his entire story about his trip to Costa Rica and how the tourism company went bankrupt on there.  Not too long ago a device used to track activity with exercise levels and sleep levels also found itself in the middle of a Google search with sex activity profiles online.  It’s time in healthcare to focus on security for a while and give productivity a short break I think.  BD  

Fitbit Profile Sexual Activity Shows Up In Google Search Results–Default Privacy Settings Allow Search Engines To Post

SAN FRANCISCO (AP) — Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see.

There were insurance forms, Social Security numbers and doctors' notes. Among the files were summaries that spelled out, in painstaking detail, a trucker's crushed fingers, a maintenance worker's broken ribs and one man's bout with sexual dysfunction.

At a time of mounting computer hacking threats, the incident offers an alarming glimpse at privacy risks as the nation moves steadily into an era in which every American's sensitive medical information will be digitized.

Southern California Medical-Legal Consultants, which represents doctors and hospitals seeking payment from patients receiving workers' compensation, put the records on a website that it believed only employees could use, owner Joel Hecht says.

The personal data was discovered by Aaron Titus, a researcher with Identity Finder who then alerted Hecht's firm and The Associated Press. He found it through Internet searches, a common tactic for finding private information posted on unsecured sites.


Post a Comment