Comparitech, a consumer privacy watchdog, found that approximately 52,000 of Premier Diagnostics patients had their sensitive information exposed due to a possible data breach after the Lehi, Utah-based company used a publicly accessible server to store sensitive information, KSTU-TV reports.
The diagnostic firm operates 11 COVID-19 testing sites all over northern Utah, and patients are required to submit pictures of their driver’s licenses, passports and insurance ID cards.
“They had stored all that data on a server that was publicly accessible online without a password,” said comparitech.com editor Paul Bischoff. A Comparitech researcher discovered the issue on Feb. 22 while performing a scan of unsecured databases on the internet. The data was secured on March first, Bischoff said.
While the database did not contain any payment information, Bischoff worries that the information involved in the potential leak could be used in medical insurance fraud.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon...
Eyecare giant Luxottica, which owns Ray-Ban and Oakley, as well as operates U.S. vision insurance firm EyeMed Vision Care, has disclosed being impacted by a third-party data breach in 2021 impacting 70 million customers following the leak of a stolen database on various hacking forums from April 30 to May 12, BleepingComputer reports.