Patient data from EHR vendors found for sale online

Google Chrome and Mozilla Firefox browser extensions were used to extract and sell users' personal information from more than 50 companies, including EHR providers DrChrono and Kareo, according to the Washington Post.

Washington Post technology columnist Geoffrey Fowler and independent cybersecurity researcher Sam Jadali examined the cybersecurity leak. In Mr. Jadali's report "DataSpii: The catastrophic data leak via browser extensions," he noted six Chrome and Firefox browser extensions that shared users' data with marketing intelligence service Nacho Analytics, which offered access to website data for $49 a month, according to the report. Collectively, the six browser extensions gathered data from more than 4 million users. The names of the browser extensions are Hover Zoom, SpeakIt!, SuperZoom, Helper, FairShare Unlock and PanelMeasurement.

DrChrono, an EHR vendor, and Kareo, an EHR management software, were listed among the companies whose users' data was exposed on Nacho Analytics' website. From DrChrono, Mr. Fowler and Mr. Jadali found information including patient names, physician names and medications listed. Kareo information exposed were patient names. Kareo told the Post it is working to remove names from its website page data, according to the report.

Since notifying Google and Mozilla of the cybersecurity leak, Google remotely deactivated seven browser extensions and Mozilla deactivated two, the Post reports. Mozilla also deactivated a browser extension in February.

A few days after the browser extensions were shut down, Nacho Analytics posted a statement to its website that it experienced a "permanent" data outage and it is no longer accepting new clients, according to the report.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars