PHI Exposed Due to a Webpage Misconfiguration and a Server Ransomware Attack


Webpage Misconfiguration

Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure of their medical data online.

Inmediata discovered in January 2019 the misconfiguration of a webpage that employees use internally, thus allowing search engines to find and index the webpage. There was limited information accessible on the webpage including names, birth dates, genders, and medical claims data. The Social Security numbers of a very small number of patients was also exposed.

A computer forensics firm helped investigate to find out if unauthorized individuals accessed the webpage and patient data. No evidence was found to indicate the unauthorized access of information, but it cannot not be ruled out for sure.

Inmedia notified by mail all patients affected by the breach on April 22, 2019. Information about the number of patients affected and the length of time their information was accessible is still uncertain.

Server Ransomware Attack
Orthopedic surgeon, Ronald Snyder, M.D. from Paramus, NJ, discovered the ransomware attack of an office server that contains patient billing data and the encryption of the data.

The ransomware attack happened on January 9, 2019 and the office staff was not able to access patient files. Because of regular backing up of the server, all files that became inaccessible were quickly restored without paying any ransom.

Third-party computer forensics experts helped investigate the breach, but it was impossible to find out if patient information was accessed as a result of damage from the attack.

There was no evidence found that suggest the attack was intended to try to access patient data, but its possibility can’t be ruled out. Subsequently, all patients the breach impacted were informed via mail.

The types of information contained in files on the office server include names, addresses, birth dates, genders, telephone numbers, email addresses, co-pay amounts, patient statuses and occupation statuses. The files also contained some patients’ insurance identification number, which was created using a Social Security number. Extra safeguards were implemented since the breach to avoid another unauthorized access of computer equipment.

The number of patients affected is presently unclear.