Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web.
DCM had hired the SaaS platform company Medifies to give virtual waiting room services. DCM learned on April 2, 2021 that the information of some of its patients was viewable online. DCM asked Medifies regarding the exposed information and the problem was solved the same day and secured the information.
The investigation into the data breach affirmed that a mistake was made while carrying out a software update which made the information accessible on the web. A Medifies software development contractor was the cause of the problem.
The software program update happened in December 2019, after which patient information became accessible. Patient information was exposed on the internet for over one year. During that time, unauthorized individuals could find and view the information. There is no evidence found that suggests the unauthorized persons viewed any of the exposed data.
The exposed information differed from one patient to another and might have contained the name, email address, address, birth date, general procedure details, procedure date, and doctor name. Additionally, the names, email addresses, addresses, and mobile phone numbers of important others who might have signed to get updates concerning a patient’s treatment might also have been compromised.
DCM had earlier ended its business connection with Medifies however has been working directly with the firm to look into the breach. The types of data compromised must not put people in danger of identity theft; nevertheless, as a safety precaution, affected people were provided free credit monitoring services for one year. Those services can be activated until April 23, 2022.