The protected health information of an estimated 150,000 Americans using services from Layfayette, La.-based Patient Home Monitoring was discovered on a publicly accessible and unprotected Amazon cloud server, according to Gizmodo.
Researchers at Dubai-based Kromtech Security Center discovered the patient files — including names, addresses, dates of birth, phone numbers, overseeing physicians, diagnoses and lab results — on an unsecured Amazon S3 bucket Sept. 29. It's unclear how long the files were exposed online, however, the records appeared to belong to tests that took place this summer, according to Kromtech.
The researchers alerted the healthcare services company, a division of which provides U.S. patients with in-home monitoring and disease management services, of the breach Oct. 5. PHM, a HIPAA-covered entity, immediately secured the bucket, but has not responded to Kromtech's inquiries or Gizmodo's request for comment.
The data breach involved about 47.5 GB-worth of data, which composed roughly 316,000 PDF files, according to Gizmodo.
Becker's reached out to Patient Home Monitoring for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
Israeli officials say Russia used Kaspersky software to spy on US, Germany refutes claim
DHS appoints Barry West acting deputy CIO: 3 things to know
54% of Americans think their data is safe from hackers: 4 survey insights