Fairchild Medical Center discovered that patient information has been exposed online for the past 4 years through the incorrect setup of a server back in 2015.
The California based medical center has begun notifying patients about the potential 4 year data leak of their protected health information.
The server in question stored medical records such as patient names, dates of birth, patient identification numbers, exam identification numbers, ordering provider names, exam dates and more.
The patients are specifically being notified that their information may have been accessed by unauthorized individuals over the internet.
Fairchild Medical Center was notified in July 2020 by a third-party security company that discovered one of their servers had been misconfigured.
This error in the server left a vulnerability via an opening where it was accessible via the Internet.
The third-party security firm determined that it is highly likely that the patient information could potentially have been accessed by unauthorized individuals.
The server was originally setup on December 16, 2015 and the vulnerability was not corrected until July 31, 2020.
Once notified, the Fairchild Medical Center secured the server and had it verified by a third-party security company.
A forensic investigation could not confirm whether patient information was accessed by unauthorized individuals during the time the server was exposed, but the possibility could not be ruled out.