Threatwatch

FTC: Major search engine indexed medical transcripts containing psychiatric notes

Accidentally leaked credentials; Data dump; Insider attack

GMR Transcription Services agreed to settle Federal Trade Commission charges that the company exposed health and personal information on the open Internet, including consumer medical histories and exam notes.

Fedtrans, one of the firm’s contractors, used an application that “transmitted files in clear readable text and was configured so that the files could be accessed online by anyone,” according to court papers.

The digital records “were indexed by a major internet search engine,” FTC officials stated, and, according to the court papers “were accessed, using the search engine.”

Some of the records contained children’s exam notes and “highly sensitive medical information, such as information about psychiatric disorders, alcohol use, drug abuse, and pregnancy loss,” the court documents state.

Files also included names, birthdays, tax information, medications, and, in some cases, employment histories and marital status.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Healthcare and Public Health

reported

January 31, 2014

reported by

FTC

number affected

1000s of consumers

location of breach

Unknown

perpetrators

Employees

location of perpetrators

Unknown

date breach occurred

between March 2011 and October 2011

date breach detected

Unknown