Meditab affiliate exposes medical records, PII on unprotected server

Once again, information was left exposed on an unprotected server – this time by an affiliate of Meditab, a California maker of medical records software sold to doctors, pharmacies and hospitals.

Researchers at SpiderSilk found that anyone could read, in real time, unencrypted medical records, personal information, drug prescriptions, doctors’ notes and the like from faxes processed by the server, which was hosted by MedPharm Services in Puerto Rico, a company founded by Meditab founder Kalpesh Patel, according to a report from TechCrunch.

MedPharm General Counsel Angel Marrero said the company was “still reviewing our logs and records to access the scope of any potential exposure,” the report said.

“Providers work with hundreds, sometimes thousands, of third-party vendors on a regular basis. Unfortunately, standard risk assessment processes are outdated and inadequate, which leaves providers open to these types of threats,” said Ed Gaudet, CEO of Censinet. “We’ll continue to see breaches that originate from third parties until healthcare organizations start to implement real-time risk assessment processes that manage and remediate potential issues continuously, keeping servers secure and patient data safe.”
