AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

Share post:

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of sensitive mental health records due to a misconfigured server that left a significant amount of data unprotected.

Cybersecurity researcher Jeremiah Fowler discovered the non-password-protected server, which contained over 126,276 files and 1.7 million logging records. The exposed data included personal identifying information, detailed mental health assessments, medical records, and even audio and video recordings of therapy sessions.

The leak potentially affects thousands of patients across multiple states where Confidant Health operates, including Connecticut, Florida, New Hampshire, Texas, and Virginia. “Not every document in the database was exposed, and a portion of the files were restricted and not publicly viewable,” Fowler noted. “However, even if the data in these restricted files cannot be viewed, there is a potential risk of malicious actors knowing the file paths and storage locations of additional patient data.”

While Confidant Health has acknowledged the data leak and restricted access, the duration of the exposure and the extent of unauthorized access remain unknown. This incident underscores the critical importance of robust data security measures in the rapidly growing telehealth industry. As cybersecurity experts warn, such breaches can lead to severe consequences for patients, including identity theft, medical fraud, and potential blackmail. The incident serves as a stark reminder for healthcare providers to prioritize patient privacy and data security in an increasingly digital healthcare landscape.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways