Back in September, DataBreaches.net reported on an exposed MongoDB database that had been discovered by MacKeeper security researcher Chris Vickery. The database contained protected health information from tens of thousands of patients seen at dozens of clinics that were clients of EMR4All and Rehab Billing Solutions, companies owned by Todd Jones.
Since that report, we have begun to see some of the affected clinics notify their patients.
Last month, Best Health Physical Therapy, LLC notified their patients, and this month, we have already seen reports from Luque Chiropractic & Watsonville Chiropractic (David W. Christie, D.C.), and The Biomechanics LLC.
Not all of these reports have appeared on HHS’s public breach tool yet, and I anticipate that we will see a lot more reports coming in over the next month or so.
As Protenus and DataBreaches.net noted in our whitepaper on business associate breaches, breaches at third parties have the potential to impact a tremendous number of patients – whether it’s a misconfigured database as in this case or a business associate getting hacked and clinic databases being stolen and sold on the dark web. If you haven’t really taken a close look at your BA’s data security, what are you waiting for?