Two healthcare companies, DeepThink Health and VScript, had unsecured websites that could be accessed by anyone online, according to cybersecurity organization WizCase.
Across the globe, nine companies had databases that were easily accessible online. Some of the data that was exposed included prescriptions, medical observations, lab visits and Social Security numbers, as well as names and addresses.
Upon discovering the vulnerabilities, WizCase contacted the companies.
DeepThink Health, which provides analytics and machine learning for the medical market and was formerly known as Jintel Health, had around 700,000 patient records accessible online. Patient data, including medical information, was found on an open server. Further information that was exposed included cancer treatment details, patient names, addresses and phone numbers.
Pharmacy software provider VScript also left around 800 patient records exposed online, reports WizCase. A database that was accessible to anyone online had entries about payment transactions. Additionally, photos of drug prescriptions and medicine bottles with patients' names, addresses, phone numbers and dates of birth could be found online.
To read the full report, click here.