Physician notes, medical info exposed after tech company fax server error

Mackenzie Garrity - Print  | 

A fax server error within Meditab, a company that develops software for EHRs, left thousands of physicians’ notes and patient information vulnerable for anyone to access, according to TechCrunch.

Cybersecurity firm SpiderSilk discovered one of Meditab’s fax servers didn’t have a password. The exposed fax server held a database of more than 6 million records.

With no password, anyone had access to read transmitted faxes in real-time, according to the report. The faxes contained medical records, physician notes, prescription details and test results. Additionally, names, addresses, dates of birth and some Social Security numbers were vulnerable to attack.

None of the data was encrypted.

Meditab’s fax server was hosted on MedPharm Service, a company affiliate. The company is investigating the issue.

“We are still reviewing our logs and records to access the scope of any potential exposure,” a company spokesperson told TechCrunch.

More articles on cybersecurity:
National Science Foundation awards $1M to Massachusetts university for translational research
Update: 5 more hospitals affected by vendor data breach
Ransomware attack affects 15,000 patients at Michigan health system

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.