California-based Meditab, a leading software maker for healthcare electronic medical records, was leaking thousands of doctor’s notes, medical records, and prescriptions. The cause? A security lapse that left a fax server without a password.
Without a password, the over six million records in its database could be read in real time. And to add insult to injury, none of that data was encrypted. TechCrunch verified with a few affected individuals that the information found on the fax server was legitimate.
According to a brief review of the data, the faxes contained extremely sensitive personal information to include names, addresses, date of birth, social security numbers, illnesses, and more. When reached about the security lapse, Kalpesh Patel, founder of MedPharm Services and Meditab, said the company was “looking into the issue to identify the problem and solution,” but deferred comment to the company’s general counsel, Angel Marrero, who reiterated the company was still investigating.