Sensitive health information stored by a company handling insurance claims was accidentally made publicly available on Amazon Web Services, a cloud-computer platform, according to Gizmodo.
Chris Vickery, a self-described tech enthusiast, allegedly found the data in September after hearing data dumps sometimes ended up on the platform, according to the report. He estimates the information of around 1.5 million patients was included in the data dump.
The breached information came from Systema Software, a company that handles insurance claims. According to the report, Systema Software COO Danny Smith emailed Mr. Vickery confirming the incident, saying "I wanted to let you know that we've contacted all of our clients at this point and made them aware of the situation. Again, we're grateful that it was you who found this exposure and that your intentions are good."
Mr. Vickery told Gizmodo that Mr. Smith said the incident occurred because of a contractor's mistake.
According to the report, the exposed information came from Kansas' State Self Insurance Fund, CSAC Excess Insurance Authority and the Salt Lake County Database. Mr. Vickery plans to turn over the data to the Texas Attorney General to destroy the information.
Systema Software told Gizmodo that Mr. Vickery was the only person to access the data. "Systema Software recently became aware that a single individual gained unapproved access into our data storage system," the company said.
More articles on data breaches:
Why are healthcare data breaches so common?
Stolen laptop prompts breach notification at LSU Health
Sutter Health notifies 2,500 of breach after employee improperly emails billing documents