Email
Password
Remember meForgot password?
    Log in with Twitter

article imageElectronic health records provider caught out in data breach Special

By Tim Sandle     Dec 2, 2020 in Technology
NTreatment, a technology company that manages electronic health and patient records for doctors and psychiatrists, left thousands of sensitive health records exposed to the Internet because one of its cloud servers wasn’t protected with a password.
With the NTreatment data breach issue, it appears that none of the data was encrypted. Furthermore, the security protocols were such that nearly all of the sensitive files were viewable in the browser. It is also apparent that some of the medical records belonged to children.
The data was secured on November 30, 2020, after industry website TechCrunch contacted the company In a response email, NTreatment co-founder Gregory Katz told TechCrunch that the server was “used as a general purpose storage,” but did not say how long the server was exposed.
These types of data breach issues are an on-going concern, especially given how much more data is now digital and the number of services that people need to interact with and to provide personal data to.
Looking into the issue for Digital Journal is Mark Bagley, who is the Vice President of Product at AttackIQ.
According to Bagley, this issue has a concerning context in relation to the general spate of cyberattacks and interest from hackers. He notes: “The healthcare industry has become a primary target for cybercriminals due to protected health information (PHI) being extremely profitable on dark web marketplaces."
The reason for this interest, Baglely states, is because: "Healthcare data usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come. Healthcare organizations that manage large amounts of PHI must take proactive approaches to protect their data."
Expanding on the matter of preventative actions, Bagley recommends: "In addition to the usual control-centric approach, holders of PHI need to add continuous evaluation of their existing security controls to uncover gaps before a hacker finds and exploits any weaknesses, with a special eye to validation of the third-parties they work with given the sensitivity of the information.”
More about electronic health, digital health, NTreatment, Data breach
 
Latest News
Top News