Mental Health Provider Has Exposed Patient Data

Highly sensitive health details, including audio and video of therapy sessions, were openly accessible on the Internet, new research has revealed. 

Cyber security researcher Jeremiah Fowler discovered and reported a non-password-protected database that contained thousands of records belonging to Confidant Health, an AI-powered platform offering mental health and addiction treatment.

The database contained patient personal information, psychosocial assessments including details about mental health or substance abuse, ID cards, and health insurance information.

The cache of information, associated with a US health care firm, included more than 120,000 files and more than 1.7 million activity logs. Fowler discovered the exposed mass of information in an unsecured database linked to virtual medical provider Confidant Health. The company, which operates across five states including Connecticut, Florida, and Texas, helps provide alcohol- and drug-addiction recovery, alongside mental health treatments and other services.

The 5.3 terabytes of exposed data included extremely personal details about patients that go beyond personal therapy sessions.

Files seen by Fowler included multiple-page reports of people’s psychiatry intake notes and details of their medical histories. “At the bottom of some of the documents it said ‘confidential health data,’” Fowler says. The exposed health documents include some medical notes on people’s appearance, mood, memory, their medications, and overall mental status. One spreadsheet seen by the researcher appears to list Confidant Health members, the number of appointments they’ve had, the types of appointment, and more.

The exposure of sensitive patient data poses a significant risk to patients' privacy and could lead to various negative consequences, including identity theft, medical identity theft, extortion, and blackmail. Criminals could use this information to open fraudulent accounts, file false insurance claims, target patients with threats to release their mental health information, and exploit their vulnerabilities.

VPNMentor | Wired | Data Breaches | Mail | HackRead | HIPAA Journal
