Website Planet reports that Jeremiah Fowler discovered a non-password-protected database that contained 148,000 records belonging to InHouse Physicians — a healthcare provider that offers on-site medical services and wellness programs to organizations, including corporate health and wellness solutions, event medical services, and occupational health programs.
The non-password-protected database contained 148,415 PDF documents totalling 12 GB. Each document contained the name of the individual and indicated whether they were cleared or denied entry to conferences, events, or other functions based on the results of medical screenings. The documents indicating denials included instructions of what to do if the individuals were experiencing symptoms of COVID-19.
Although the documents belonged to InHouse Physicians, Fowler and Website Planet do not know who was responsible for managing the database. Fowler also includes an important statement:
I do not imply any wrongdoing by InHouse Physicians, nor do I claim the information contained in the exposed PDF files was ever at risk. It is not known how long the documents were exposed or if anyone else gained access to the publicly accessible database. Only an internal forensic audit could identify this information.