California based Innovative healthcare solutions provider ‘Meditab’ received a data breach jolt on Monday this week when Dubai based cybersecurity firm Spidersilk claimed that its security researchers found a susceptibility in the database of the healthcare provider which gave direct access to over six million records summarized since Mar’18 which includes prescriptions medical records of several patients residing in the United States.
As Meditab is also known to process faxes for healthcare providers, the breach could have also given a chance to hackers to access records related to other hospital operations, doctor’s offices and pharmacies.
Spidersilk claims that the database of Meditab which was connected to the fax server was left unprotected without a password. Means critical data like personal info and health info of kids could have also been leaked to the cyber crooks.
Details on how long the data was left exposed and who all access it are yet to be determined as a third-party audit is yet to be conducted.
A source from the healthcare firm revealed on the condition of anonymity that unencrypted info such as names, addresses, insurance claim details, date of births and in some cases social security numbers was also left exposed as the fax server was hosted on a sub-domain of MedPharm Services, a Puerto Rico based affiliate of Meditab.
Related authorities from Meditab have started an investigation on the issue after learning the data breach facts from Spidersilk and some noted media resources.