Major Healthcare Data Breach: 145,000 Patient Records Exposed
A recent data breach has exposed 145,000 patient records, including sensitive personal and medical information. The breach occurred when Archer Health, a US-based in-home and palliative care service provider, kept an unprotected database on the internet.
What Happened?
Cybersecurity researcher Jeremiah Fowler flagged the finding to Website Planet after discovering the database and helping it get locked down. The database contained roughly 145,000 files, including PDF, PNG, and other files, and held documents such as various assessments, home health certifications, plan of care documents, discharge forms, and other internal documents.
Overall, these files, which measured in at 23GB, also contained people’s names, patient ID numbers, SSNs, postal addresses, phone numbers, and other personally identifiable information (PII). Other documents contained diagnoses, treatments, and other potentially sensitive healthcare data.
Impact on Indian Healthcare
While the breach occurred in the US, it has significant implications for Indian healthcare. With the increasing use of digital technologies in healthcare, the risk of data breaches is becoming more pronounced. Indian healthcare providers must take immediate action to protect patient data and prevent similar breaches.
In India, the Personal Data Protection Bill, 2019 is still pending, and its implementation is crucial to safeguarding patient data. The bill aims to establish a Data Protection Authority to oversee data protection and privacy in India.
Preventing Data Breaches in Indian Healthcare
To prevent data breaches, Indian healthcare providers must adopt robust cybersecurity measures, including:
- Implementing encryption and access controls
- Conducting regular security audits and risk assessments
- Providing training to employees on data protection and privacy
- Establishing incident response plans
Additionally, Indian healthcare providers must ensure compliance with international standards and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
Conclusion
The recent data breach at Archer Health is a wake-up call for Indian healthcare providers to prioritize patient data protection. By adopting robust cybersecurity measures and complying with international standards and regulations, Indian healthcare providers can prevent similar breaches and safeguard patient trust.
As the Indian healthcare sector continues to grow and adopt digital technologies, it is essential to prioritize data protection and privacy. By doing so, Indian healthcare providers can ensure the delivery of high-quality, patient-centered care while maintaining the trust and confidence of patients.