MONTGOMERY, AL (WSFA) - Sensitive patient medical records compiled by possibly thousands of doctors may have been compromised, according to data security researcher KrebsOnSecurity.
Krebs says it recently notified Kansas-based MEDantex, a medical transcription service, of a security issue with an online portal that was apparently leaking onto the internet medical records that should have been password protected. The portal has since been shut down.
"What's more," Krebs reports, "numerous online tools intended for use by MEDantex employees were exposed to anyone with a Web browser, including pages that allowed visitors to add or delete users, and to search for patient records by physician or patient name. No authentication was required to access any of these pages."
A check of MEDantex's website shows a client list of multiple medical organizations across the country, from San Francisco to New York and from New Jersey to Florida.
The company's website lists Montgomery, Alabama's Jackson Hospital among its clients, but when contacted by WSFA 12 News, MEDantex CEO Sreeram Pydah said Jackson has not been a client since sometime between 2003 and 2005. He added that he doesn't believe Jackson records are on the impacted server and called it a "very low chance" any of Jackson's records were impacted.
When reached for comment, Jackson Hospital spokeswoman Mia Mothershed said MEDantex is investigating the breach "and [has] not identified the scope of information compromised." She added that Jackson Hospital "has not been identified among the companies whose information was exposed. If confirmation is received we will take appropriate action."
Krebs said the number of exposed records was unclear, but one accessible directory listed more than 2,300 doctors alphabetically by last name, with access to downloadable records. While most records appeared recent, some dated back to at least 2007, Krebs stated.
So what could the data be used for? Krebs indicates one possibility.
"Several MEDantex portal pages left exposed to the Web suggest that the company recently was the victim of WhiteRose," Krebs wrote, "a strain of ransomware that encrypts a victim's files unless and until a ransom demand is paid."
Pydah tells WSFA 12 News security experts are investigating what he called a ransomware attack but don't yet know the extent or who was affected. He said it could take weeks to get more information.