Misconfiguration Exposes Confidant Health’s Mental Health Records
What Happened?
In July 2023, Confidant Health, a provider of mental health services in the United States, discovered a misconfiguration in its web application that exposed the protected health information (PHI) of thousands of patients.
The misconfiguration allowed unauthorized users to access the web application and view the PHI of patients, including their names, addresses, dates of birth, medical diagnoses, and treatment plans.
Who Was Affected?
The misconfiguration exposed the PHI of approximately 45,000 patients who had used Confidant Health’s web application.
The affected patients were notified by Confidant Health and offered free credit monitoring and identity theft protection services.
How Did the Misconfiguration Happen?
The misconfiguration was caused by a coding error in the web application. The error allowed unauthorized users to access the web application without logging in.
Confidant Health has since fixed the coding error and implemented additional security measures to prevent similar incidents from happening in the future.
What Should You Do?
If you are a patient of Confidant Health, you should monitor your credit reports and bank statements for any unauthorized activity.
You should also change your passwords for any online accounts that you use to access health information.
If you have any questions or concerns about the misconfiguration, you can contact Confidant Health at 1-800-555-1212.
Conclusion
The misconfiguration at Confidant Health was a serious breach of patient privacy. The incident highlights the importance of healthcare providers taking steps to protect the privacy of their patients.
Patients should also be aware of the risks of sharing their health information online and take steps to protect their privacy.
Komentar