MEDantex Transcription Service data leaks

MEDantex is a medical transcription company headquartered in Kansas, USA. Its main business is to provide customized transcription solutions for hospitals, clinics, and private doctors. Last week, KrebsOnSecurity, a well-known security website, sent a notice to the company saying that an online portal of the company exposed the patient’s medical records and involved more than a thousand doctors.

The so-called medical transcription refers to the use of word processing software to transcribe information recorded in the medical process according to the doctor’s dictation recording. This may include records of medical records, physical examination reports, clinical diagnosis, surgical reports, X-ray reports, and pathology. Transcription of reports and other information.

Medical transcription can be said to be one of the fastest growing areas in the healthcare industry. In Western countries, especially countries such as the United States where the entire healthcare industry is based on insurance and detailed medical records, this service allows doctors to dictate patient records over the phone and get edited texts in a short period of time. file.

KrebsOnSecurity learned last Friday (April 20th) that a portal site owned by MEDantex had the potential to leak medical records from patients. The site allows doctors to upload audio files, which are the dictation tapes we mentioned earlier that need to be transcribed. This feature page should have been originally encrypted, but it turns out that any Internet user can access it.

What’s more, the online tool pages used by many MEDantex employees are also completely open to Internet users, including pages for adding or removing user accounts, and pages that can search for patient medical records by the doctor or patient name, while accessing all these pages does not require authentication.

Not only that, KrebsOnSecurity also believes that MEDantex may have become a victim of ransomware called WhiteRose. Sreeram Pydah, founder, and CEO of MEDantex, confirmed that the company did experience a ransomware infection and recently rebuilt the online server.

Pydah said that the site has been closed for about two weeks, but the security threats notified by KrebsOnSecurity seem to have been incorporated into the reconstruction process in some way. In other words, after the site was rebuilt, the problem of patient medical records exposure still exists.

KrebsOnSecurity said that it is not yet clear how many patients’ medical records were exposed on the MEDantex website, but one of the catalogs named “/documents/userdoc” contains documents relating to more than 2,300 doctors. The catalogs are arranged in alphabetical order. Each catalog contains a different number of patient medical records. Both the Microsoft Word document and the original audio file can be downloaded.

Although many of the documents seem to have only recently been created, some of these records date back to 2007. It is also not clear at the time when these documents were initially exposed, but according to Google’s cache, the site page appears to have been publicly accessible since April 10, 2018.

It is worth noting that if these medical records are leaked, the impact will be enormous. According to the information displayed on the MEDantex official website, the customers of its transcription service are almost covered by the entire United States, including New York University Langney Medical Center, San Francisco Multidisciplinary Medical Group, Jackson Hospital in Montgomery, Alabama, Allen County Hospital in Iola, Kansas, Green Clinic Surgical Hospital in Ruston, Los Angeles, Trillium Specialist Hospital in Mesa, Arizona and Sun City, Cooper University Hospital in Camden, NJ, Sunrise in Miami The Medical Group, the Wichita Clinic in Wichita, Kansas, the Kansas Spine Center, the Kansas Plastic Surgery Center, and the basic surgical hospitals throughout the United States.