MedEvolve leaked over 200,000 patient information due to server vulnerabilities

MedEvolve is a medical software company based in Arkansas, USA. According to a press release issued on July 10, 2018, MedEvolve faced a data breach that exposed the patient’s personal information. On May 11, 2018, when the company’s staff found a file containing patient data on an FTP server, they noticed the vulnerability. It is worth noting that anyone can access this file.

MedEvolve stated that the document was publicly accessible between March 29, 2018, and May 4, 2018. They also pointed out that someone had illegally visited the record on March 29, 2018.

Although the company disclosed the data breach on July 10, 2018, in fact, databreach[.]net had already released the news in May. According to their blog post on May 16, 2018, their researchers discovered an online exposed FTP server belonging to MedEvolve that contained a file containing 205,000 patient personal information.

Although databreach[.]net clearly announced that the exact amount of data leaked was 205,000, no such data was disclosed in MedEvolve’s press release.

MedEvolve said that they had hired a third-party security expert to conduct a detailed investigation of the matter, and notified some of the patients affected by the incident, and will provide them with a two-year TransUnion credit monitoring services.