Doctors Medical Center of Modesto (DCM) based in California learned that a company used by a previous vendor accidentally exposed patient data online.
DCM had employed the SaaS platform firm Medifies for its virtual waiting room services. DCM found out on April 2, 2021 that some of its patients’ data were accessible on the internet. Upon DCM’s inquiry of Medifies concerning the exposed data, the problem was sorted out on the same day and the data was secured.
The inquiry into the data breach revealed the occurrence of an error during the conduct of a software system update that is why the information became accessible online. The problem was attributed to a Medifies software development contractor.
The software system update happened in December 2019, and after that patient data had become viewable online. Because patient information could be viewed on the web for about one year, it is possible that unauthorized people had found and viewed the data during that time. There’s no proof uncovered that indicates unauthorized persons had seen any of the compromised information.
The breached information was different from patient to patient and the following information may have been included: name, birth date, address, email address, standard procedure information, procedure date, and name of the doctor. In addition, the information of those who might have registered to obtain patient updates, such as, names, mobile phone numbers, addresses, and email addresses could have been affected as well.
Though DCM had earlier terminated its business association with Medifies, it is still working with the company for the continuing breach investigation. It is believed that the breached information won’t put people at risk of identity theft; even so, DCM offered free credit monitoring services for one year to the affected individuals as a safety precaution. Those who would avail of these services can activate them until April 23, 2022.