A fax server error within Meditab, a company that develops software for EHRs, left thousands of physicians’ notes and patient information vulnerable for anyone to access, according to TechCrunch.
Cybersecurity firm SpiderSilk discovered one of Meditab’s fax servers didn’t have a password. The exposed fax server held a database of more than 6 million records.
With no password, anyone had access to read transmitted faxes in real-time, according to the report. The faxes contained medical records, physician notes, prescription details and test results. Additionally, names, addresses, dates of birth and some Social Security numbers were vulnerable to attack.
None of the data was encrypted.
Meditab’s fax server was hosted on MedPharm Service, a company affiliate. The company is investigating the issue.
“We are still reviewing our logs and records to access the scope of any potential exposure,” a company spokesperson told TechCrunch.