Home / Technology / Patient Portal Flaw Leaked Sensitive Health Records
Patient Portal Flaw Leaked Sensitive Health Records
30 Apr
Summary
- Security flaw exposed private health records of patients.
- Bug allowed unauthorized access to personal and medical files.
- Company fixed the vulnerability after being notified.
Practice by Numbers, a software developer for dental offices, has rectified a critical security vulnerability within its patient portal. This flaw had inadvertently exposed the private health records of patients using software implemented in over 5,000 dental practices across the United States. A patient's report brought this issue to light, detailing how the bug enabled easy access to other patients' documents, including personal information and medical histories. The document numbers in the web address were sequentially incremental, suggesting a simple method for exploitation.
Efforts to alert Practice by Numbers about the security lapse faced initial difficulties, with broken contact methods. However, upon notification on April 13, the company promptly took the patient portal offline for repairs and restored it by April 17. Company officials confirmed the vulnerability is fixed and stated that fewer than 10 patients were impacted, based on server logs. Investigations revealed no evidence of prior exploitation. Practice by Numbers has indicated plans to update its website to facilitate reporting of future security issues.
