Therapy Sessions Exposed by Mental Health Care Firm's Unsecured Database
A data breach at Confidant Health exposed sensitive patient information, including therapy recordings, due to an unsecured database. Experts stress the need for improved data security in telehealth services.
Read original article
A significant data breach occurred at Confidant Health, a virtual medical provider, exposing sensitive patient information, including audio and video recordings of therapy sessions. Security researcher Jeremiah Fowler discovered the unsecured database, which contained over 120,000 files and 1.7 million activity logs, revealing personal health details and psychiatric intake notes. The exposed data included confidential information about patients' medical histories, family traumas, and even administrative documents like driver’s licenses and insurance cards. Confidant Health quickly addressed the issue after being notified, claiming that less than 1% of the files were accessible due to an improper configuration. The company conducted a security audit and stated that no malicious access to the data was found. Experts warn that such breaches pose significant privacy risks, especially as healthcare providers expand their services. The incident serves as a reminder for healthcare organizations to prioritize data security, particularly in the rapidly growing telehealth sector.
- Confidant Health's database exposed sensitive patient information, including therapy session recordings.
- Over 120,000 files and 1.7 million activity logs were publicly accessible due to an unsecured database.
- The company addressed the breach promptly after being alerted by a security researcher.
- Experts emphasize the importance of data security in healthcare, especially with the rise of telehealth services.
- The incident highlights ongoing risks associated with improper database configurations in the healthcare industry.
Related
Former IT employee accessed data of over 1M US patients
A former IT employee accessed data of over 1 million US patients in a breach at Nuance, a contractor for Geisinger. Patient info was compromised, excluding financial data. The employee was arrested. Geisinger advised affected individuals to monitor their accounts. A law firm is investigating a potential lawsuit. Geisinger emphasized vigilance.
Change Healthcare starts sending data breach notifications after cyberattack
Change Healthcare notifies customers of a data breach exposing medical, payment, and personal data. The cyberattack in February disrupted healthcare operations. UnitedHealth faces criticism for delayed breach notifications.
The biggest data breaches in 2024: 1B stolen records and rising
In 2024, data breaches exposed over 1 billion records. AT&T, Change Healthcare, and Synnovis faced breaches, impacting customer data security. Snowflake's involvement in multiple breaches raises concerns about data protection.
Why corporations won't spend enough to safeguard your private info
AT&T and UnitedHealth Group faced data breaches compromising customer and patient data, revealing lax cybersecurity practices. Experts stress the need for stricter safeguards and regulatory intervention to address vulnerabilities.
32M invoices, contracts, patient consent forms, and more exposed to the internet
A non-password-protected database belonging to ServiceBridge exposed approximately 31.5 million documents, including sensitive personal and business information, raising significant privacy concerns and highlighting the need for better data protection practices.
2 commentsRelated
Former IT employee accessed data of over 1M US patients
A former IT employee accessed data of over 1 million US patients in a breach at Nuance, a contractor for Geisinger. Patient info was compromised, excluding financial data. The employee was arrested. Geisinger advised affected individuals to monitor their accounts. A law firm is investigating a potential lawsuit. Geisinger emphasized vigilance.
Change Healthcare starts sending data breach notifications after cyberattack
Change Healthcare notifies customers of a data breach exposing medical, payment, and personal data. The cyberattack in February disrupted healthcare operations. UnitedHealth faces criticism for delayed breach notifications.
The biggest data breaches in 2024: 1B stolen records and rising
In 2024, data breaches exposed over 1 billion records. AT&T, Change Healthcare, and Synnovis faced breaches, impacting customer data security. Snowflake's involvement in multiple breaches raises concerns about data protection.
Why corporations won't spend enough to safeguard your private info
AT&T and UnitedHealth Group faced data breaches compromising customer and patient data, revealing lax cybersecurity practices. Experts stress the need for stricter safeguards and regulatory intervention to address vulnerabilities.
32M invoices, contracts, patient consent forms, and more exposed to the internet
A non-password-protected database belonging to ServiceBridge exposed approximately 31.5 million documents, including sensitive personal and business information, raising significant privacy concerns and highlighting the need for better data protection practices.