Publicly Accessible Database Contained 148,000 Files Related to COVID-19 Testing
An InHouse Physicians database containing 148K files related to COVID-19 testing has been exposed online, and Freudenberg Medical and Fairfax Radiological Consultants have experienced cyberattacks that exposed patient data.
Publicly Accessible Database Contained 148,000 Files Related to COVID-19 Testing
InHouse Physicians, a provider of on-site medical services and wellness programs to organizations, has inadvertently exposed a database on the Internet that included almost 150,000 documents that contained information about individuals’ COVID-19 status – whether they had been cleared to attend an event or had tested positive for COVID-19.
The exposed database was identified by researcher Jeremiah Fowler, who found 12 GB of documents in the non-password-protected database, including 148,415 PDF files that contained full names, phone numbers, the name of the event, and whether individuals had been cleared to attend or were COVID-19 positive. Fowler notified InHouse Physicians about the exposed database and it was rapidly secured. It is unclear whether the database was managed by InHouse Physicians or a third party.
While only limited data was exposed, the information could be used for malicious purposes in the wrong hands, such as phishing and social engineering attempts related to COVID-19 testing or diagnosis.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Freudenberg Medical Notifies 4,415 Individuals About Data Exposure in Attempted Ransomware Attack
Freudenberg Medical, LLC, a Beverly, MA-based manufacturer of medical components and devices, was the victim of an attempted ransomware attack on November 11, 2023. The incident was rapidly detected, and immediate action was taken to contain the threat and secure its systems. External consultants were engaged to investigate the breach, assist with the remediation efforts, and determine the extent of any data theft.
On June 18, 2024, it was confirmed that the personal information of 4,415 individuals was compromised in the attack. Individual notification letters were mailed to those individuals on July 11, 2024, who have been informed about the types of data likely compromised in the attack. Identity theft protection services have been offered through IDX. Freudenberg Medical said it has hardened its existing data security measures to prevent similar breaches in the future.
Data Breach Announced by Fairfax Radiological Consultants
Fairfax Radiological Consultants, PLLC, an Annandale, VA-based provider of medical diagnostic imaging services, has confirmed that the protected health information of 3,512 individuals was likely compromised in a recent cyberattack.
The substitute breach notice does not state when the cyberattack was detected, only that it was discovered on or around July 1, 2024, and unauthorized individuals may have accessed or acquired the protected health information of patients on or around May 13, 2024. The information involved included full names, dates of birth, medical record numbers, dates of service, diagnoses, and Current Procedural Terminology (CPT) codes. While data was exposed, Fairfax Radiological Consultants has not found any evidence that any of the data has been misused and is in the process of mailing individual notifications.
