Californian Healthcare Service Provider Learns that Patient Information was Exposed Online for More Than a Year

Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web.

DCM had hired the SaaS platform company Medifies to give virtual waiting room services. DCM learned on April 2, 2021 that the information of some of its patients was viewable online. DCM asked Medifies regarding the exposed information and the problem was solved the same day and secured the information.

The investigation into the data breach affirmed that a mistake was made while carrying out a software update which made the information accessible on the web. A Medifies software development contractor was the cause of the problem.

The software program update happened in December 2019, after which patient information became accessible. Patient information was exposed on the internet for over one year. During that time, unauthorized individuals could find and view the information. There is no evidence found that suggests the unauthorized persons viewed any of the exposed data.

The exposed information differed from one patient to another and might have contained the name, email address, address, birth date, general procedure details, procedure date, and doctor name. Additionally, the names, email addresses, addresses, and mobile phone numbers of important others who might have signed to get updates concerning a patient’s treatment might also have been compromised.

DCM had earlier ended its business connection with Medifies however has been working directly with the firm to look into the breach. The types of data compromised must not put people in danger of identity theft; nevertheless, as a safety precaution, affected people were provided free credit monitoring services for one year. Those services can be activated until April 23, 2022.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at