Home / Early Warning / Cybersecurity Highlights / Accidental leakage of medical records on the MEDantex website

Accidental leakage of medical records on the MEDantex website

04/25/2018

KrebsOnSecurity informed MEDantex, a company that provides medical transcription services for hospitals, clinics and private physicians, that a password-protected section of its website was completely open to the Internet, thus exposing its patients' medical records in the form of audio-recorded notes.

Numerous online tools available to MEDantex employees were also available on the Internet, including pages that allowed visitors to add or delete users and to search for patient records by physician or patient name.

MEDantex founder and CEO, Sreeram Pydah, confirmed that its servers were recently restored after being attacked by ransomware known as WhiteRose and that a bad configuration after that restoration could have been the cause of the data exposure. The website administrators closed their customer portal as soon as they notified.