NTreatment Exposes Unencrypted Patient Data
A security incident that was registered in late 2020 exposed thousands of patient records due to a poorly secured database.
The leaky database was spotted by TechCrunch who informed NTreatment - the owners of the database. The leaky server was not protected with a password. What's more, the records contained on it were stored in an unencrypted format and were open for viewing to anyone with a functioning browser.
There is no hard information concerning how long the exposed records were publicly accessible. However, some of the information makes it clear that a portion of the records belong to children. There were a total of around 110 thousand files on the unprotected server.
Similar security incidents happen on a more or less daily basis and have been so frequent for years. There is nothing the end user can do about this sort of issue and the only thing that can prevent similar future leaks is rigorous security training of employees who handle similar information.
The only precaution regular people can take against similar leaks is to use different passwords for any service or website they use. However, this will not protect them from their full names or telephone numbers and other personally identifiable information leaking from unprotected databases.
A big part of the issue here is that this immutable information that will remain valid for years in the case of a phone number, or even forever, in the case of a full name.
In an official statement NTreatment said that the company used the unsecured server for "general purpose storage" and provided no specific information on the length of time over which the files were exposed for public viewing and access.