Meditab Health Tech Company Data Leak

California company Meditab, which makes medical records software for hospitals, doctor’s offices, and pharmacies, exposed data on a server without a password (via TechCrunch).

[Apple Health Records Gets Positive Feedback From Patients]

Meditab Leak

Besides medical records software, Meditab also processes faxes for healthcare providers, and it was a fax server that wasn’t secured. Dubai security company SpiderSilk found the server. It ran an Elasticsearch database containing over six million records since March 2018.

image of leaked meditab health records
Two leaked health records. Credit: TechCrunch

Without a password, anyone could read the faxes in real-time. Doctor’s notes, medical records, prescriptions, personal data and health data of kids, etc., were all exposed because they were stored in unencrypted form.

We don’t know if anyone else found the server or how long the data was exposed (I’m guessing since its creation). Angel Marrero, general counsel for MedPharm Services, an affiliate of Meditab that owned the subdomain the server was hosted on, said the company “will comply with any and all required notifications under current federal and state laws and regulations, as applicable.”

[Apple Health Records are Coming for Veterans]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.