Cybersecurity firm SpiderSilk discovered one of Meditab’s fax servers didn’t have a password. The exposed fax server held a database of more than 6 million records.
With no password, anyone had access to read transmitted faxes in real-time, according to the report. The faxes contained medical records, physician notes, prescription details and test results. Additionally, names, addresses, dates of birth and some Social Security numbers were vulnerable to attack.
None of the data was encrypted.
Meditab’s fax server was hosted on MedPharm Service, a company affiliate. The company is investigating the issue.
“We are still reviewing our logs and records to access the scope of any potential exposure,” a company spokesperson told TechCrunch.
More articles on cybersecurity:
National Science Foundation awards $1M to Massachusetts university for translational research
Update: 5 more hospitals affected by vendor data breach
Ransomware attack affects 15,000 patients at Michigan health system