Exposed database backups discovered and reported by researcher @JayeLTee are now being reported in more mainstream news after OrthoMinds issued a press release about the incident.
Marianne Kolbasuk McGee reports:
A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. But the security researcher who discovered the unsecured database alleges the exposure appears to have lasted longer than that and affected at least 200,000 patients.
Georgia-based OrthoMinds in a public statement Thursday said it is notifying clients and individuals potentially affected by the data security breach.
[…]
In his January report, JayeLTee said he found exposed 1,863.71 gigabytes of data – or more than 300 database backups dating from November 2020 through mid-October 2024 – belonging to dental clinics that are OrthoMinds clients.
“It was 300 files exposed, but some clients had multiple backup files that looked like they spanned through multiple years from the timestamps on the filenames, so the client number would be less than that,” he said. “It was at a minimum over 200,000 patients just by looking at one of the backups, but I have no clue how much more than that,” he told ISMG.
OrthoMinds reported the incident to HHS in January using a placeholder for the number of patients affected. They have not updated that report since then.
Read more at BankInfoSecurity.