Mental Health Provider Has Exposed Patient Data

Uploaded on 2024-09-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Highly sensitive health details, including audio and video of therapy sessions, were openly accessible on the Internet, new research has revealed. 

Cyber security Researcher, Jeremiah Fowler, discovered and reported about a non-password-protected database that contained thousands of records belonging to Confidant Health, an AI-powered platform offering mental health and addiction treatment. 

The database contained patient personal information, psychosocial assessments including details about mental health or substance abuse, ID cards, health insurance information.

The cache of information, associated with a US health care firm, included more than 120,000 files and more than 1.7 million activity logs. Fowler discovered the exposed mass of information in an unsecured database linked to virtual medical provider Confidant Health. The company, which operates across five states including Connecticut, Florida, and Texas, helps provide alcohol- and drug-addiction recovery, alongside mental health treatments and other services.

The 5.3 terabytes of exposed data included extremely personal details about patients that go beyond personal therapy sessions.

Files seen by Fowler included multiple-page reports of people’s psychiatry intake notes and details of the medical histories. “At the bottom of some of the documents it said ‘confidential health data,’” Fowler says. The exposed health documents include some medical notes on people’s appearance, mood, memory, their medications, and overall mental status. One spreadsheet seen by the researcher appears to list Confidant Health members, the number of appointments they’ve had, the types of appointment, and more.

The exposure of sensitive patient data poses a significant risk to their privacy and could lead to various negative consequences, including identity theft, medical identity theft, extortion, and blackmail. Criminals could use this information to open fraudulent accounts, file false insurance claims, target patients with threats to release their mental health information and exploit their vulnerabilities.

VPNMentor   |   Wired   |   Data Breaches   |  Mail   |   HackRead   |   HIPPA Journal 

Image: Pexels

You Might Also Read: 

Millions Of US Voters Exposed Online:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Russian Hackers Exploit Mobile Browser Vulnerabilities
The Impact Of 5G On iGaming »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

Cybersecure Policy Exchange (CPX)

Cybersecure Policy Exchange (CPX)

Cybersecure Policy Exchange is a new initiative dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

National Renewable Energy Laboratory (NREL) - USA

National Renewable Energy Laboratory (NREL) - USA

NREL is transforming energy through research, development, commercialization, and deployment of renewable energy and energy efficiency technologies.

Atlas Systems

Atlas Systems

Atlas Systems helps companies large and small accelerate their digital transformation journeys – expanding their capabilities and delivering tailored solutions including cybersecurity.

Halo Security

Halo Security

Halo Security is a fast, easy, and scalable external attack surface management platform that gives security leaders deep visibility into their internet-facing assets.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.