Open databases leaked 93 Million billing files of patients.
Patients from these facilities had their data open and accessible and SBH was repeatedly informed by DataBreaches.net about this leak. The exposed data consisted of billing details like individual's name, birth date, physical and email addresses, phone numbers, debit and credit details like card numbers with partial expiration dates and a full CVV code and health insurance information, including membership and account numbers and insurance benefits statements. Roughly, 93 Million files were released but comparatively fewer individuals were affected as patients had multiple files to their name.
The news was covered by DataBreach.net yesterday, but they have been following the case since August. An anonymous individual tipped DataBreach.net about the open database in late August and they informed Sunshine Behavioral Health regarding the leak on September 4th but to no avail. They then spoke to SBH's director of compliance, Stephen VanHooser and shortly the data was made private.
But, unfortunately in November Databreach.net noticed that “the files were still accessible without any password required if you knew where to look. And anyone who had downloaded the URLs of the files in the bucket while the bucket was exposed would know where to look.”, stated the post. The data and files were finally secured after they again reached out to SBH on Nov 10 and 12. Adding to that, the three-drug and alcohol addiction facilities haven't made the leak public, There has been nothing on their website, the California Attorney General’s website, or HHS’s public breach tool, even though it is more than 70 days since they were first notified,” the blog states. Maybe the affected parties were informed but not the public.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/35bsooO