Jeremiah Fowler, a cybersecurity researcher, discovered a non-password-protected database containing 21,344 medical records of Atrium Health patients. This database held sensitive personal information, including medical history, diagnoses, and more. It's unclear whether Atrium Health or a third-party contractor fully managed the database. The potential for identity theft and insurance fraud looms if malicious actors accessed this data. This incident follows recent breaches for Atrium Health, including a December 2024 breach affecting 600,000 patients due to tracking tools and a phishing attack earlier in 2024 compromising health information of 32,000 patients.
It is unknown if the database in question was directly managed by Atrium Health or by a third-party contractor.
The data could be leveraged in social engineering campaigns, allowing malicious actors to obtain more personal or financial information.
Collection
[
|
...
]