- Archer Health exposed 145,000 sensitive files through an unprotected publicly available database
- Leaked data included names, SSNs, diagnoses and other personal and medical information
- Database was secured according to the researcher’s tip; No proof of dark web distribution yet
Archer Health, an American-based home provider in the home and palliative care, kept an unprotected database available on the wider internet that is delicious sensitive personal and health data to anyone who knew where to see experts have warned.
Cyber security scientist Jeremiah Fowler marked found to Websiteplanet After finding the database and helping it to be locked down.
Fowler found a non-encrypted, non-passord-protected database containing approx. 145,000 files, including PDF, PNG and other files, and held documents such as various assessments, home health certifications, plan for nursing documents, discharge forms and other internal documents.
Locking of the database
Generally, these files, as and measured in 23 GB, also contained people’s names, patient -id numbers, SSNs, postal addresses, telephone numbers and other personally identifiable information (PII). Other documents contained diagnoses, treatments and other potentially sensitive health data.
Archer Health, also known as Archer Home Health/Home Health & Palliative Care) is a provider of medical services at home. The company offers skilled nursing, therapy (physical, speech, commercial), nutrition guidance, medical social work, home -health assistants, wound care and more., Delivered in the patient’s home.
They also provide palliative care focusing on symptom relief, disease management, comfort and support for patients with severe or chronic illness.
Shortly after Fowler reached out, the company locked the database down and thanked the researcher for tips.
“Thank you for bringing this to our attention,” Archer Health told Fowler. “We take data security and the patient’s privacy very seriously. Our team is actively investigating this case and will immediately tackle any security problems.”
Without proper forensic analysis, it is impossible to say if anyone had access to the database before Fowler found it. There is no evidence that this database was leaked everywhere on the dark web. Furthermore, we do not know how long the archive remained open or who managed it (Archer Health or a third party).
