The Philadelphia Department of Public Health (PDPH) found that sensitive data of patients with hepatitis B and hepatitis C was exposed on the web, where anyone could access it without authentication. PDPH learned of the breach on October 12, 2019, after being notified by a correspondent from The Philadelphia Inquirer.
The issue was resolved within minutes of PDPH being notified of the breach. An investigation is in progress to determine the cause, extent, and nature of the breach.
Medical providers are supposed to report new cases of hepatitis B and hepatitis C to PDPH so that the diseases can be monitored. Both diseases can be transmitted through contact with an infected person’s bodily fluids. New cases are usually due to the sharing of needles by IV drug users. New cases of the two types of hepatitis are monitored in connection with the PDPH opioids program.
The information provided by healthcare companies was uploaded to a web-based tool that lets aggregated information be visualized in charts built with Tableau software. Tableau dashboards are designed to aggregate data and present it quickly in a simple format. Developers of Tableau dashboards need to make sure security controls are set up to prevent access to the backend data. If those controls are not in place, the raw information can be accessed and downloaded.
The Philadelphia Inquirer said that the breach could potentially affect thousands of patients. The newspaper uncovered the information of approximately 23,000 patients who had been infected with hepatitis C.
The compromised information comprises a patient’s name, along with their sexuality, address, lab test findings, and, in a few cases, Social Security number. The data included new cases of hepatitis B and hepatitis C that were reported to PDPH from 2013 to 2018. It is currently unknown how many people were affected, how long the information was publicly available via the PDPH site, and how many unauthorized persons viewed the data while it was exposed.