A major U.S. healthcare provider is selling 1.5 terabytes of sensitive patient data in an unauthorized FTP. The access consisted of comprehensive patient files containing detailed personal information. The type of access is FTP with write-to-download functionality, allowing potential buyers to manipulate the data as they see fit. The data is 1.5 terabytes in size and is open on 1/30/2024.
Patient files contain a wealth of personal information, including address, patient name, date of birth, social security number (SSN), gender, phone number, and more. Shockingly, the company actively updates and edits this data on a daily basis. Despite being listed for sale since March 2, 2024, it remains unsold. The targeted organizations cover more than 50 facilities in the U.S., so the potential impact of this breach is wide-ranging.
Leakage of data information:
Access type: FTP with write-to-download functionality
Data size: 1.5 TB
Time to market: As of January 30, 2024
What: Complete patient file including address, patient name, date of birth, Social Security Number (SSN), gender, phone number, etc.
UPDATE: The company is actively updating and editing data on a daily basis. Despite being listed for sale since March 2, 2024, it remains unsold.
Scope: Targets include more than 50 plants in the United States.
