17 Oct 2017
150,000 people in the US have been affected by the leak of an Amazon S3 repository exposing patient information. The breach in a server containing 47.5 gigabytes worth of data belonging to Patient Home Monitoring Corp was discovered by Kromtech Security Researchers. Information, including patient and doctor names, case management notes, and other personal information was stored in 316,363 PDF reports.
Researchers notified the company on October 5th that they had a vulnerability, and by October 6th it had been secured. Under HIPAA regulations, organizations are required to notify individuals who have been affected in no less than 60 days following a breach.
With companies eager to switch to Amazon Web Services or other cloud-based services, there may be gap beginning in the eagerness to adapt and the ability to secure cloud-based information. While there are many benefits to using such technology, including a resilient infrastructure, security cannot be skimped on. Revealing identifiable and sensitive personal information can affect the victims’ employment or be used in other types of cyberattacks, so this information needs to be every bit as secure as financial information.