The general health of cybersecurity in the medical profession can only be described as parlous. Yet another case of lame practice has resulted in the sensitive medical records of 150,000 patients (including sensitive medical information such as blood test results), amounting to more than 47GB of data, being left for all to see on a misconfigured Amazon server.
The guilty party this time is US healthcare services company Patient Home Monitoring (PHM) – whose motto is ‘to help patients lead better lives’. This presumably ought to include keeping their records safe. While PHM secured the database the day after being notified of its exposure, no one as yet knows how long the data was available or whether anyone has actually gained access to it.
While this breach is relatively modest in comparison to some of healthcare’s recent debacles, it nonetheless highlights the risk of storing sensitive medical information online. Simple configuration errors can sneak into any set-up and put individuals’ information at risk – along with the company’s reputation.