All news with #phi tag

Long Island Medical Practice Exposed 42,000 Patient Records

🔓 UpGuard discovered a publicly accessible rsync repository exposing medical and personal data tied to Cohen Bergman Klepper Romano MDS PC, a Long Island practice. The repository contained over 42,000 patient records, more than three million medical notes, and physicians’ PII including Social Security numbers. A .pst backup and virtual disk revealed staff home addresses and family details. UpGuard’s notification led to the exposure being secured, underscoring the need for strong access controls and formal disclosure response procedures.

OneHalf Data Exposure Exposes Employee and Client Records

🔒 UpGuard's Cyber Risk Research team discovered and secured a public GitHub-based data exposure belonging to OneHalf, a business process outsourcing firm in the APAC region. The exposed repositories contained HR and medical databases with detailed personal records for hundreds of employees, plus banking account numbers for several corporate clients. UpGuard notified OneHalf and the repositories were taken private, likely preventing further exploitation of sensitive personal and business information.

Medico Inc. S3 Exposure Exposes Nearly 14,000 Records

🏥 UpGuard discovered an open Amazon S3 bucket operated by Medico Inc. that exposed nearly 14,000 files (~1.7 GB), including medical records, explanations of benefits, legal documents, and financial PII such as SSNs and bank account details. The bucket was identified on June 20, 2019 and secured within hours after notification. Exposed items also included internal spreadsheets containing account credentials and passwords, plus scanned checks and unredacted treatment notes. The incident highlights common cloud misconfigurations and the need for stronger vendor controls and data-handling processes.