UpGuard’s cyber risk team reveals how details of 40,000 patients have been exposed

Hackers are increasingly turning towards the healthcare industry. Patient identifiable data is increasingly valuable and is becoming an important topic for providers on a global scale.

The number of healthcare breaches is on the rise as a result of outdated, fragmented systems. The US saw the largest number of healthcare breaches in 2017, where up to 328 leaks (up to 60% of all leaks in 2017) costed the industry close to $1.2bn.

Such shocking figures do not include the many companies that have not disclosed the number of files affected or did not have access to that information, according to research Citrix ShareFile 

The cyber risk team at UpGuard have recently revealed that a digital data repository containing records from a Long Island medical practice was left publicly accessible, revealing medical details and personal identifiable information of over 42,000 patients for up to two months.

See also

• Oracle founder Larry Ellison launches a new health and wellness company
• Facebook continues to dominate pharmaceutical social media, new report reveals
• Google is moving from a “mobile first” world to an “AI first” one within health, CBInsights reports

Originating from Cohen Bergman Klepper Romano Mds PC, a New York practice specialising in internal medicine and cardiovascular health, the details included patient names, Social Security numbers, dates of birth, phone numbers, insurance information, as well millions of extensive medical notes. 

The breach related to a misconfiguration within present IT systems. Misconfigurations are an internal problem that are situated within the IT infrastructure of any enterprise – the problem is not solely related to hackers. “The problem is pervasive – Gartner has estimated anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems,” UpGuard explained.

Although the breach has been officially secured, it reinforces the urgency for healthcare providers to invest in resilient, advanced security protocols to secure patient data and to comply with all permitted health regulations.

Nonetheless, a 2018 Thales Data Threat Report, Healthcare Edition, has stated that only 30% of global healthcare organisations remain untouched by data breaches, highlighting that healthcare companies have a significant way to go in overhauling current healthcare systems to ensure all data is secured.