Data Breach at Home Monitoring Company Exposes 150K Patients’ Files

Security researchers have uncovered a data breach linked to a healthcare services company, Patient Home Monitoring Corporation (PHM), in which patient files of some 150,000 Americans were exposed.

According to one report in Gizmodo, lab test results and other patient files, discovered by researchers at the Kromtech Security Center, had been stored on an unsecured Amazon S3 bucket. “According to Kromtech, the files were publicly accessible and unprotected by a password. A cursory examination of the contents revealed a wide range of sensitive details about patients whose names, addresses, phone numbers, diagnoses, and test results were exposed,” the report stated.

The report noted that the files were linked to Patient Home Monitoring Corporation, a Lafayette, La.-based company that provides U.S. patients with in-home monitoring and disease management services. The data breach contained about 47.5 GB-worth of data composed of roughly 316,000 PDF files.

On Oct. 5, PHM was alerted that sensitive medical records belonging to the company had been exposed. Following notification, the bucket was secured on the same day. PHM did not, however, respond to Kromtech’s inquiries, per the Gizmodo report.

Providing some additional information, MacKeeper Security Research Center reported that the breach “contained medical data in 316,363 PDF reports in the form of weekly blood test results. Many of these were multiple reports on individual patients. It appears that each patient had weekly test results totaling around 20 files each.”