Thousands of people’s highly sensitive health details, including audio and video of therapy sessions, were openly accessible on the internet, new research has revealed.
The cache of information, associated with virtual medical company Confidant Health, was discovered by vpnMentor security researcher Noam Rotem on May 16, 2023.
It was stored in an unsecured database that was accessible to anyone with a web browser.
The data included:
- Audio and video recordings of therapy sessions
- Transcripts of therapy sessions
- Patient names, addresses, and phone numbers
- Therapist names and contact information
- Billing information
Rotem said the data was “completely unencrypted and unauthenticated,” meaning anyone could have accessed it without a password or any other form of security.
“This is a major data breach that could have serious consequences for the victims,” Rotem said.
“The exposed data could be used for identity theft, blackmail, or other forms of fraud. It could also be used to embarrass or humiliate the victims.”
Confidant Health has since taken down the database and said it is investigating the breach.
The company said in a statement that it is “committed to protecting the privacy and security of our patients’ information.”
“We deeply regret that this incident occurred and are taking steps to prevent it from happening again.”
The data breach is the latest in a string of recent high-profile incidents involving the exposure of sensitive health information.
In 2021, a data breach at the health insurer Anthem exposed the personal information of more than 78 million people.
And in 2019, a data breach at the hospital chain Methodist Health System exposed the personal information of more than 1.4 million patients.
These data breaches underscore the need for healthcare providers to take steps to protect the privacy and security of their patients’ information.
Patients should also be aware of the risks of sharing their health information online and should only do so with trusted providers.
Be First to Comment