A US-based provider of health services was recently discovered to have had a fax server and accompanying Elasticsearch database connected to the web – without a password.
The database, which was set up in March 2018, received a total of 3.2 million entries, according to a report on TechCrunch. Anyone could have read the transmitted faxes, which contained a large amount of sensitive, personal data such as medical records, doctor’s notes, prescription amounts and quantities, as well as details of illness, for instance blood test results. Personal details, such as names, addresses, dates of birth, and in certain cases social security numbers,health insurance information and payment data, were also included.
The report goes on to say that the Californian company Meditab set up the server at their affiliate Medpharm Services in Puerto Rico. TechCrunch, which verified the authenticity of the documents by confirming them with several of the patients concerned, was informed of the lapse in security by the IT security company Spidersilk. Medpharm is currently examining its log files for potential data leakage, after which it will decide on the steps to be taken next.
In the strictly governed US healthcare sector – regulated by HIPAA – fax is still used extensively. At the same time, an increasing number of companies are discontinuing their classic fax servers and switching over to cloud fax services offered by specialized providers. With the HIPAA compliant Cloud Fax Services offered by Retarus, which are run from the company’s own, ISAE-3402 compliant data centers, your data is as safe as in the proverbial Fort Knox. The control and monitoring system is subject to ongoing audits by a renowned auditing firm. If required, Retarus would also be pleased to grant your auditors personal access to our data centers and the necessary insight into the relevant processes.