(Update) Medical AI Company 'Deep6' Leaks 68 GB Trove of Patient Records

Security researcher Jeremiah Fowler, together with the WebsitePlanet research team, found an unprotected database belonging to Deep6. The records appear to contain data on people based in the United States.

Update: Deep6 reached out and said the news is misleading, saying “In August, a security researcher accessed a test environment that contained dummy data from MIT’s Medical Information Mart of Intensive Care (MIMIC) system, an industry standard source for de-identified health-related test data. To confirm, no real patient data or records were included in this ephemeral test environment, and it was completely isolated from our production systems.”

Meanwhile, according to WebsitePlanet, Mr. Fowler said, “I sent 3 follow-up emails on Aug 11, Aug 12, Aug 23. No one has ever replied since the first message on Aug 10th. I validated that the doctor’s names were real individuals by searching obscure names (see screenshot). This is highly unusual in my experience to use real individuals’ data in a ‘dummy environment’ under any circumstances. Because no one replied, we added our disclaimer that we are highlighting that no patient data appeared in plain text, the records were ‘medical related’, and we never implied any wrongdoing or risk.”

Health Apps Must Warn Users of Data Breaches, Says FTC

The Federal Trade Commission issued a policy statement on Thursday. It says that health apps and wearable companies must warn their users of data breaches or face fines.

In a policy statement adopted during an open meeting, the Commission noted that health apps, which can track everything from glucose levels for those with diabetes to heart health to fertility to sleep, increasingly collect sensitive and personal data from consumers. These apps have a responsibility to ensure they secure the data they collect, which includes preventing unauthorized access to such information.

Excellent news. Now they should make sure the fines are high enough to deter repeat offenders (cough T-Mobile).

Add a Free COVID-19 Vaccine Passport to Apple Wallet Using VaxYes

Congratulations on being fully vaccinated against COVID-19! Now? Well, you can take a photo of your record or scan it into Files/Apple Notes. And with a service called VaxYes from gogetdoc you can add it to Apple Wallet for greater convenience. You’ll have to give them a picture of your vaccine card as well as a photo of your ID. The company uses AES-256 encryption (referred to as “military grade”) and is fully compliant with HIPAA. Gogetdoc has HIPAA-trained quality control agents and medical staff to ensure appropriate details are collected for verification of the record before issuing a digital vaccine card. Tap on “Get a Free Vaccine Passport” and follow the onscreen instructions. I did it and the process to get the Wallet passport took about 60 seconds. If you live in the UK you can get a passport with this article.