Medical software company database may have exposed tens of thousands of
health records and PII
Date:
Mon, 28 Apr 2025 17:00:00 +0000
Description:
20 thousand patient records were potentially exposed.
FULL STORY ======================================================================
A breach has impacted thousands of Carolina Anesthesiology PA patients
Sensitive health information and patient data was exposed
This leaves anyone affected at risk of identity theft or social engineering
Security researcher Jeremiah Fowler has discovered a non password-protected database, believed to be owned by Carolina Anesthesiology PA - a healthcare firm based out of North Carolina. This dataset contained 21,344 records, was almost 7GB, and spanned multiple states.
The information contained sensitive data, including patient information like names, physical addresses, phone numbers, and email addresses, as well as insurance coverage details, anesthesia summaries, diagnoses, family medical histories, and doctors' notes. According to the researcher, there were files marked Billing and Compliance Reports, which gives an idea of the type of data included.
While there is so far no evidence to suggest the database fell into malicious hands, the potential compromise of the unprotected database could put many at risk of social engineering attacks like phishing, identity theft, or fraud.
Database on show
The researcher outlines that the dataset contained a detailed analysis and
key metrics related to medical billing and healthcare services provided - but that, when contacted, the healthcare firm indicated that it did not own or manage the database, but that the owner has been notified and public access restricted.
It's not clear if the information was accessed by a threat actor or third party, as only an internal audit would show this - and as far as we know, the information has not appeared on any dark web sites for sale by cybercriminals. Investigation by the researcher indicates that this folder's contents were likely affiliated with Atrium Health - a partner of Carolina Anesthesiology PA.
"Our cyber security team immediately launched an internal investigation upon receiving an email tip in mid-February 2025 about a possible data breach. Our investigation found that Carolina Anesthesiology, P.A., who regularly provides anesthesia services at select facilities, misconfigured the technology service used for billing data, exposing some of their patient data," said Atrium Health in response to the breach.
"We immediately shut down all data feeds to Carolina Anesthesiology and, as a courtesy, notified the regular governing entities. We continue to learn more from the Carolina Anesthesiology team about their plan to notify their patients of this breach. All data feeds remain off until this issue has been satisfactorily addressed."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/medical-software-company-database-may-have-exposed-tens-of-thousands-of-health-records-and-pii
--- Mystic BBS v1.12 A48 (Windows/64)
* Origin: Mystic Hobbies BBS mystic-hobbies.com (999:1/2)