- Archer Health exhibited 145,000 sensitive files via an unprotected and public database
- The disclosed data included names, SSN, diagnostics and other personal and medical information
- The database was secured after the researcher’s tip; No evidence of dark web distribution still
Archer Health, a care provider in the United States at home and palliative, has kept an unprotected database available on the Internet wider, which flees personal and health data sensitive to all those who knew where to look, warned the experts.
Cybersecurity researcher Jeremiah Fowler reported the observation of Websiterplanet After finding the database and helped it lock.
Fowler has found a database not encrypted and not protected by passwords containing around 145,000 files, including PDF, PNG and other files, and documents held such as various assessments, home health certifications, care documents, output forms and other internal documents.
Lock the database
Overall, these files, which and measured at 23 GB, also contained the names of people, patient identification numbers, SSN, postal addresses, telephone numbers and other personally identifiable information (PII). Other documents contained diagnoses, treatments and other potentially sensitive health data.
Archer Health, also known as Archer Home Health / Home Health & Palliative Care) is a home medical service provider. The company offers qualified nursing, therapy (physical, speech, work), nutritional advice, medical social work, home aid, wound care, etc., delivered to the patient’s home.
They also provide palliative care, focusing on relief of symptoms, disease management, comfort and support for patients with serious or chronic disease.
Shortly after Fowler stretched out, the company locked the database and thanked the researcher for the tip.
“Thank you for bringing this to our attention,” Archer Health told Fowler. “We take data security and patient confidentiality very seriously. Our team actively investigates this issue and quickly solve all security problems. ”
Without appropriate forensic analysis, it is impossible to say if someone has access to the database before Fowler finds it. There is no evidence that this database has been disclosed anywhere on the Dark Web. In addition, we do not know how long the archives have remained open, nor who managed it (Archer Health or a third party).
