"The bug allowed any user of the portal, which houses patients' medical documents and health records, to access documents belonging to other patients. Cox was able to access other patients' documents from his account, including their personal information, medical histories, photo identification, and other files."
"Cox said the document numbers in the web address appear to be sequentially incremental, so it could be possible to easily guess the document numbers of other people's medical files."
"Cox faced difficulties in alerting Practice by Numbers to the issue, as the company offered no discernible avenue to report security problems. The company's email address on its website was broken, with emails returned as undeliverable."
Practice by Numbers fixed a security flaw in its patient management software that exposed private health records. A patient, Joseph R. Cox, discovered the issue while accessing his dental records. The bug allowed users to access other patients' documents, including personal information and medical histories. Cox reported difficulties in notifying the company, as their email for reporting security issues was broken. The flaw was easily exploitable by changing document numbers in the web address, which were sequentially incremental, making it simple to guess other patients' files.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]