Exposure of 1.5 Million Medical Records Blamed on Human Error
On August 30, Chris Vickery, a technology enthusiast, uncovered a weakness on a publicly available Amazon Web Service subdomain. After downloading random data from the site, Vickery realized it was the confidential financial and medical records of at least 1.5 million people.
The data came from Systema Software, a web-based claims processing company. Danny Smith, COO of the company, recently told Vickery that a contractor inadvertently posted the sensitive material on the Amazon subdomain.
The breach, which primarily affected Kansas residents, exposed files containing “names, social security numbers, addresses, dates of birth, [and] phone numbers.” Most of this data comes from the Kansas State Self Insurance Fund, as their database contained medical and billing information for 1,099,000 insured.
While the Kansas Department of Health & Environment has not issued a statement on its website, it told databreaches.net that they were “working with Systema to determine how many Kansans were affected by this breach and what information was included.” They went on to say they were “confident that Systema is working to protect the information of anyone included in this breach.”
In addition to the over one million social security numbers released, it is estimated that more than five million financial transactions were downloaded, including claim forms and court proceedings.
It appears that Vickery was the only person who accessed the database, and he immediately turned over the documents to authorities.
Systema has still not announced or discussed the breach on its website or Facebook page.