Transcription service MEDantex leaks medical records

MEDantex, a medical transcription service for hospitals, clinics and private physicians, leaked thousands of physicians' patient medical records because it failed to password protect a portion of its site — an error found by KrebsOnSecurity April 20.

KrebsOnSecurity is a blog run by former Washington Post reporter Brian Krebs. KrebsOnSecurity discovered April 20 that MEDantex's web portal, which allows physicians to upload audio files of notes about their patients, was accessible to any internet user.

Additionally, a number of tools used by MEDantex employees were available to  anyone with a web browser. This includes pages that allowed visitors to add or delete users, as well as a search function for patient records that lets users find them via physician or patient name. It's not clear how long the data has been exposed , but some of the documents date as far back as 2007.

According to the blog post, KrebsOnSecurity believes MEDantex may have fallen victim to a strain of ransomware known as WhiteRose. When KrebsOnSecurity reached out to MEDantex founder and CEO Sreeram Pydah, Mr. Pydah confirmed the company recently rebuilt its online servers after dealing with a ransomware attack. The portal was taken offline for about two weeks.

"There was some ransomware injection [into the site], and we rebuilt it," Mr. Pydah told KrebsOnSecurity. "I don't know how they left the documents in the open like that. We're going to take the site down and try to figure out how this happened."

While its is also not clear which or MEDantex's clients may have had data exposed, some of the organizations it provides transcription services to include New York City-based New York University Medical Center, San Francisco Multi-Specialty Medical Group and Montgomery Ala.-based Jackson Hospital.

More articles on cybersecurity:
Top EHR vendors in 4 hospital segments, as ranked by Black Book
TriHealth to implement IBM Watson Health's imaging tools in $10M deal
Chan Zuckerberg Initiative awards genomics grant to Mount Sinai, UC Berkeley researchers

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars