A cybersecurity researcher discovered an exposed Confidant Health database containing thousands of records, including personally identifiable information, psychosocial assessment documents, health insurance information, ID cards, and more. In total, the database contained 126,276 files (the equivalent of 5.3 terabytes). A separate folder contained 1,755,571 logging records. Some of the files contain audio and video.
The research indicates the database was not protected by a password, so it could be accessed over the internet without one. While not every document in the database was exposed, there is still a risk that malicious actors could learn file paths and storage details for additional patient information. Furthermore, the accessible files, viewable with just a web browser, contained private and sensitive patient information.
For Confidant Health patients concerned that their data may have been exposed, the research encourages them to change the passwords for their online accounts and to contact their insurance providers for a new account number.