Thousands of unsecured medical records were exposed online

A cloud server used by nTreatment held data on US patients, including children.

Thousands of medical records for US patients, some of whom are children, were exposed in yet another lapse in health data security. A company named nTreatment, which handles records for clients in the healthcare industry, failed to protect one of its cloud servers with a password, according to TechCrunch.

The server stored around 109,000 files, including doctors' notes, third-party test results and insurance claims, along with some of nTreatment's internal documents. Almost all of that sensitive information was reportedly viewable through a web browser.

It's unclear how long the data remained exposed, though it has now been secured. The server was used for general-purpose storage, nTreatment co-founder Gregory Katz told TechCrunch. The company will alert regulators and affected providers about the situation, Katz said.

Last year, ProPublica and Bayerischer Rundfunk, a German broadcaster, found at least 187 servers holding medical data on US patients that were not password protected. As a result, millions of test results and hundreds of thousands of x-rays were exposed online for anyone to find.