AI Firm’s Faulty Server Exposed 5.3 TB of Mental Health Records
A compromised server belonging to US-based AI healthcare firm Confidant Health exposed 5.3 TB of mental health records, including personal data, diagnoses, and medical information, posing serious privacy risks to patients.
Cybersecurity researcher Jeremiah Fowler discovered a poorly secured server with no password protection containing confidential records from Confidant Health, a Texas-based AI platform that provides mental health and addiction treatment services to residents of Connecticut, Florida, New Hampshire, Texas, and Virginia.
For your information, Confidant Health offers a variety of services, including alcohol rehab, an online suboxone clinic, pre-addiction treatment, a behavior modification program, recovery coaching, opioid withdrawal management, and medication-assisted treatment, as well as a Telehealth Addiction Recovery app with over 10,000 downloads.
In this instance, the database contained more than 126,276 files (about 5.3 TB) and 1.7 million logging records, exposing valuable information such as:
- Personally Identifiable Information (PII): Names, addresses, contact information, driver’s licenses and insurance information.
- Mental Health Screenings: Detailed assessments of patients’ mental health status, family history and traumatic experiences.
- Medical Records: Lists of prescription medications, diagnostic test results, health insurance information, Medicaid cards, medical records, letters of care listing mandatory medications, and medical record requests or exemptions.
- Audio and Video Recordings: Audio and video recordings of programs and articles discussing serious family issues, including children, parents, spouses and conflicts.
The documents revealed information about taking psychotherapy and psychological evaluations detailing mental health, substance abuse, family issues, psychiatric history, depression history, medical conditions and further testing, Fowler explained in a report shared with Hackread.com ahead of Friday’s publication.
Confidant Health acknowledged the data breach and restricted access. It is unclear whether the database was controlled directly by Confidant Health or by a third party. It is also unknown how long the poorly configured server was exposed or who may have accessed it.
“Not every document in the database was exposed, and part of the files were restricted and not visible to the public. However, even if the information in these restricted files cannot be seen, there is a potential risk that malicious actors will know the file paths and storage locations of additional patient data,” Fowler noted.
The exposure of sensitive patient information poses a significant risk to their privacy and can lead to a variety of negative consequences, including identity theft, medical information theft, fraud and embezzlement. Criminals can use this information to open fraudulent accounts, submit false insurance claims, target patients with the threat of releasing their mental health information and exploit their vulnerabilities.
This incident highlights the importance of strong data security measures in the mobile health industry. Key measures may include encryption, access control, regular security audits, employee training on data security best practices, and a comprehensive disaster response plan. As telehealth services increase in popularity, providers must prioritize patient privacy and data security.