MEDantex healthcare transcription firm accidentally exposes medical records

April 26, 2018

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. The firm provides medical transcription for private physicians, hospitals, and clinics including New York University Medical Center and San Francisco Multi-Specialty Medical Group.

Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to the public Internet. Several online tools for MEDantex employees were also exposed, including pages where anyone could add or delete users, or search for patient records by patient name or physician name, without submitting any type of authentication.

One of the primary directories exposed included more than 2,300 physicians. Each directory included varying numbers of patient records, and was displayed and available for download as Microsoft Word docs or raw audio files, the report explains. While it’s unclear how long the data was accessible, a Google cache shows it was open on April 10, 2018.

Sreeram Pydah, founder and chief executive of MEDantex, confirmed the company recently had to rebuild its online servers after being hit with a form of ransomware called WhiteRose. The error leading to the exposure of patient records is seemingly part of the rebuild. Pydah says the company planned to take the site offline to figure out how the mistake occurred.

The latest Verizon DBIR report shows nearly a quarter of all breaches in 2017 affected healthcare organizations. It’s the only industry where insiders cause more damage than outsiders: insiders were responsible for 56% of healthcare breaches last year.

Fred Kneip, CEO at CyberGRX, says we’ve reached the point where patients who trust healthcare organizations with their health may not be able to trust them with their personal data.

DarkReading has the full story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...