Third Party EMR Vendor Experiences Massive Breach

2019, Breaches, March

Who: Meditab Software Inc. and MedPharm Services When: Mar 19, 2019

# of records involved: 6,000,000 Medical records of 2,200 healthcare hospitals, pharmacies, ​and doctors offices)

What happened: Meditab provides the electronic medical record (EMR) and practice management software to hospitals, physician’s offices, and pharmacies suffered a massive breach of protected health information.

How did it happen: Meditab also provides a fax processing service and one of the servers used for processing faxes has been discovered to be leaking data and could be accessed over the internet without the need for any authentication. None of the information was encrypted.

Outcome: The fax server was taken offline, and an investigation was launched to identify the cause of the breach. Database logs are currently being assessed to determine the extent of the breach, which patients have been affected, and whether the database was accessed by unauthorized individuals or downloaded. It is unclear for how long the server was left unprotected and how many patients have been affected by the breach. Considering the number of records in the database, this breach has the potential to be one of the largest ever healthcare data breaches in the United States.