NTreatment, a technology company that manages electronic health and patient records for doctors and psychiatrists, left thousands of sensitive health records exposed to the internet because one of its cloud servers wasn’t protected with a password.
The cloud storage server was hosted on Microsoft Azure and contained 109,000 files, a large portion of which contained lab test results from third-party providers like LabCorp, medical records, doctor’s notes, insurance claims, and other sensitive health data for patients across the U.S., a class of data considered protected health information under the Health Insurance Portability and Accountability Act (HIPAA). Running afoul of HIPAA can result in steep fines.
None of the data was encrypted, and nearly all of the sensitive files were viewable in the browser. Some