Exposure of 1.5 Million Medical Records Blamed on Human Error

September 24, 2015, Written By Bill Hardekopf
Medical Data Breach word cloud on blue background

On August 30, Chris Vickery, a technology enthusiast, uncovered a weakness on a publicly available Amazon Web Service subdomain. After downloading random data from the site, Vickery realized it was the confidential financial and medical records of at least 1.5 million people.

The data came from Systema Software, a web-based claims processing company. Danny Smith, COO of the company, recently told Vickery that a contractor inadvertently posted the sensitive material on the Amazon subdomain.

The breach, which primarily affected Kansas residents, exposed files containing “names, social security numbers, addresses, dates of birth, [and] phone numbers.” Most of this data comes from the Kansas State Self Insurance Fund, as their database contained medical and billing information for 1,099,000 insured.

While the Kansas Department of Health & Environment has not issued a statement on its website, it told databreaches.net that they were “working with Systema to determine how many Kansans were affected by this breach and what information was included.” They went on to say they were “confident that Systema is working to protect the information of anyone included in this breach.”

In addition to the over one million social security numbers released, it is estimated that more than five million financial transactions were downloaded, including claim forms and court proceedings.

It appears that Vickery was the only person who accessed the database, and he immediately turned over the documents to authorities.

Systema has still not announced or discussed the breach on its website or Facebook page.

The information contained within this article was accurate as of September 24, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.