Sensitive health details of thousands of people, including audio and video of therapy sessions, were openly accessible on the internet due to an unsecured database linked to virtual medical provider Confidant Health. The exposed information included personal therapy session reports, psychiatry intake notes, medical histories, and administration documents. Confidant Health quickly shut off access to the exposed database after being alerted by a security researcher.
Key Points
Exposure of over 120,000 files and 1.7 million activity logs of patients' health data
Exposed data included personal therapy session reports, psychiatry intake notes, medical histories, and administration documents
Some files contained audio and video of patient sessions
Confidant Health took immediate action to secure the exposed database
Pros
Security researcher discovered the exposed data and alerted the company
Confidant Health quickly secured the database after being notified
Cons
Highly sensitive health details of patients were openly accessible on the internet
Risk of data being abused by malicious actors if not properly secured