
Thousands of sensitive medical records exposed

It’s another face-palm regarding a company’s efforts, or lack thereof, to keep your data safe. This time, it could involve your sensitive medical records.

Hackers expose tons of data pretty regularly, but sometimes they don’t have anything to do with it. In many cases, companies simply forget to add things like a simple password — leaving your info out there for just about anyone to see.

That’s what happened recently with a health software company you probably haven’t heard of. Regardless, they have access to huge amounts of data like medical records, prescription information and doctor’s notes. And those records were found to be exposed on a daily basis.

Database doors left wide open

According to their website, Meditab Software Inc. says they’re “a leading health services organizations that helps medical practices, pharmacies and outpatient clinics optimize their business operations.” Basically, they make software to keep track of electronic medical records. They’re apparently doing more than that.

A cybersecurity company in Dubai called SpiderSilk found that Meditab’s server was configured without a password, and that thousands of records were being leaked. How? Because of an unsecured fax server. Yes, faxes, the 8-track tape of the communication world, are still being used. Meditab processes electronic faxes (at least they’re not paper) for various health-care providers because that method is still heavily used for sharing patient files.

SpiderSilk told TechCrunch about the exposed server, saying the database contained over 6 million records. And since there was no password, those transmitted faxes could be read in their entirety and in real-time.

The cybersecurity firm found that the faxes contained very private information, such as the health records mentioned above, including blood test results. And let’s not forget your personal information. Names, addresses and dates of birth were all there, and some faxes even contained health insurance info, payment data and Social Security numbers. Info on children was accessible, too.

TechCrunch was able to verify the records by contacting several patients and also reached out to the company. The company said it is looking to identify the problem and come up with a solution. In the past, companies in similar situations were hit by some pretty hefty fines.

What’s not known is how long this data has been exposed, and if anyone else besides this cybersecurity firm has ever stumbled upon it.

Protect your private data

It comes down to protecting your data. It doesn’t matter if someone hacked in and stole it, or if someone just left the virtual door unlocked, like in this case. Either way, your data is still exposed all the same. If your medical records were impacted, it’s possible Meditab might notify you. Or they might not. So just like any other breach, it’s a good rule of thumb to follow through on a few data checkups to make sure your personal info is still secure.




Keep a close eye on your financial records. With info like your name, address and Social Security number, it’s not difficult for a cybercriminal to set up new accounts across a host of services using your identity. So watch your bank statements and credit card activity.

Watch out for phishing scams. Once some of your info is out there, scammers could look to capitalize on that and work to get even more of your private data. Would you be able to spot a fake email?

While you’re at it, check up on your other online accounts. That includes making sure you’re using a different password for each one, and enabling two-factor authentication (2FA) whenever available.
