Vendor's unsecure data found on Web cloud platform
An insurance claims management company that reportedly failed to encrypt its data is in hot water after an IT professional uncovered detailed medical records of some 1.5 million people from its database online.
As KVUE first reported, Texas IT specialist Chris Vickery discovered the medical records from Systema Software on Amazon's cloud computing platform after following up on reports of massive data dumps on the platform.
Vickery said the Larkspur, Cali.-based software company did not encrypt its data and could be accessed without a password.
"Health insurance information, medical diagnoses, plans to defend against claims, Social Security numbers, names, addresses, phone numbers, dates of births, everything you can imagine you wouldn't want a bad guy to have was in there," Vickery told KVUE.
[See also: Vendor sacked for HIPAA breach blunder.]
He has since reported the incident both to the Texas Attorney General's office and to Systema Software.
According to a statement from Systema Software to KVUE, they are launching a "comprehensive internal review to identify the scope of the event and necessary remediation measures."
Officials at Systema Software did not respond to Healthcare IT News' request for comment by publication time.
This is far from an isolated event. Just last year, Boston Medical Center in Massachusetts fired its third-party vendor MDF Transcription after the hospital discovered the vendor posted protected health information of 15,000 of its patients online with no password protection.