It has been discovered that a contractor used by a former vendor of Doctors Medical Center of Modesto (DCM) in California mistakenly breached patient data online.
DCM had hired the services of SaaS platform provider Medifies to conduct virtual waiting room services.
However, on April 2, 2021, DCM became aware that the data of a portion of its patients was accessible over the Internet. DCM got in touch with Medifies in relation to the exposed data and the problem was amended that day and the data was locked down.
The breach review confirmed that a mistake had been made when completing a software update which meant that the data could be accessed online the Internet. The error was the fault of a Medifies software development contractor.
The software update that made the data viewable took place in December 2019, which meant patient data had been exposed online for more than 12 months, during which time it is possible that it was located by unauthorized people. Nothing has been found to suggest any of the exposed information was viewed by unauthorized people.
The exposed data was different for everyone impacted and could have incorporated name, address, email address, date of birth, general procedure details, procedure appointments, and physician identity. The names, addresses, email addresses, and cell phone numbers of significant others who may have being sent updates in relation to a patient’s procedure may also have been breached.
DCM had previously ended its business relationship with Medifies but has been working alongside them to review investigate the breach. The range of information exposed should not put people in danger of identity theft; however, out of an abundance of care, impacted individuals have been provided with free credit monitoring services for 12 months and have until April 23, 2022 to activate that offer.