Thousands of medical records for US patients, some of whom are children, were exposed in yet another lapse in health data security. A company named nTreatment, which handles records for clients in the healthcare industry, failed to protect one of its cloud servers with a password, according to TechCrunch.
The server stored around 109,000 files, including doctors' notes, third-party test results and insurance claims, along with some of nTreatment's internal documents. Almost all of that sensitive information was reportedly viewable through a web browser.
It's unclear how long the data remained exposed, though it has now been secured. The server was used for general-purpose storage, nTreatment co-founder Gregory Katz told TechCrunch. The company will alert regulators and affected providers about the situation, Katz said.
Last year, ProPublica and Bayerischer Rundfunk, a German broadcaster, found at least 187 servers holding medical data on US patients that were not password protected. As a result, millions of test results and hundreds of thousands of x-rays were exposed online for anyone to find.