MedEvolve Data Breach Over 200,000 Patients Records Exposed

As we see a spike in the frequency of data breaches over the past couple of months, we have also witnessed a significant rise in cyber attacks on the healthcare industry. Once again, another healthcare data breach resulted in the compromise of patients’ details. This time, MedEvolve faced a data breach which exposed data of over 200K urgent care patients.

200,000 Patients’ Data Exposed After MedEvolve Faced Data Breach

According to a press release on July 10, 2018, MedEvolve faced a data breach exposing personal information of the patients. MedEvolve noticed the breach on May 11, 2018, after they found a file with patients’ data on an FTP server. The file was inadvertently accessible to anyone.

As stated in their press release,

“The file was placed on the FTP server in question as part of an isolated data transfer event. The server is not associated with MedEvolve’s customer facing “front office” software products, hosting operations, or medical billing services.”

MedEvolve says further that the file remained openly accessible from March 29,2018 to May 4, 2018. While they also note unauthorized access to the file on March 29, 2018.

DataBreaches Already Broke The News In May

Although MedEvolve disclosed the data breach on July 10, 2018, DataBreaches.net already released the news in May. According to their blog post published on May 16, 2018, their researchers already spotted a leaky FTP server containing a file with 205,000 patient’s information. According to them, the server belongs to MedEvolve.

While they clearly declared the exact number of breached records to be 205,000, MedEvolve did not reveal any such count in their press release.

After noticing the breach, MEdEvolve, like any other responsible organization, began taking security measures.

“Upon discovery, MedEvolve immediately secured the portal in question and took steps to prevent further access. MedEvolve also hired a third-party forensic investigator to conduct an exhaustive investigation of this matter.”

Moreover, they are also informing individual affectees, and are them two years of TransUnion’s credit monitoring service.

MedEvolve is a practice management software provider for physicians and other health facilities based in Arkansas.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients