Southern California Medical-Legal Consultants, which represents physicians and hospitals seeking payment from patients receiving workers' compensation, unknowingly had medical files for nearly 300,000 Californians unsecured on the Internet, according to a San Francisco Chronicle report.
The records included insurance forms, social security number and physicians' notes.
Owner Joel Hecht said the company posted the records on a website it believed only employees had access to, according to the report. However, Aaron Titus, a researcher with Identity Finder, found the company's medical records through Internet searches.
Mr. Titus said the company did not require a password or prohibit search engines from indexing the pages, two steps that could have prevented the data breach. Mr. Hecht said the company's internal security policies were not followed.
Delaware's St. Francis Hospital Recovers Thumb Drive With Nearly 500 Patients' Information
Keeping Data Out of the Wrong Hands: 10 Tips for Hospital Data Security Training
The records included insurance forms, social security number and physicians' notes.
Owner Joel Hecht said the company posted the records on a website it believed only employees had access to, according to the report. However, Aaron Titus, a researcher with Identity Finder, found the company's medical records through Internet searches.
Mr. Titus said the company did not require a password or prohibit search engines from indexing the pages, two steps that could have prevented the data breach. Mr. Hecht said the company's internal security policies were not followed.
Related Articles on Data Breaches:
meridianEMR Files Lawsuit Against UroChart for Alleged Data BreachDelaware's St. Francis Hospital Recovers Thumb Drive With Nearly 500 Patients' Information
Keeping Data Out of the Wrong Hands: 10 Tips for Hospital Data Security Training