Medical Data of 300,000 Californians Available Via Unsecured Website
A researcher from a data loss protection company recently discovered that personal medical data for nearly 300,000 Californians were available online in an unsecured format and could be found through Internet searches, the AP/Forbes reports.
Aaron Titus -- a researcher from Identity Finder -- discovered the information and alerted Southern California Medical-Legal Consultants, the company that was using the data.
How It Happened
Joel Hecht -- owner of the firm, which represents health care providers seeking payment from patients receiving workers' compensation -- said the company put the records on a website that it thought only employees could use.
Titus said the firm failed to require a password for the website and direct search engines not to index the pages.
The data that were available online included:
- Insurance forms;
- Physician notes about patients' health conditions; and
- Social Security numbers.
Southern California Medical-Legal Consultants' Response
Hecht said that the firm's internal security policies were not followed and that immediate action was taken to resolve the situation and ensure it does not happen again. The firm also has password-protected the data.
The company declined to provide further comment, saying the incident still is under investigation (Robertson, AP/Forbes, 8/21).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.