Open databases leaked 93 Million billing files of patients.

Around 93 Million billing files were exposed containing information of patients from drug and alcohol addiction facilities by a misconfigured AWS s3 storage bucket. These three drug and alcohol addiction facilities were operated by San Juan Capistrano, California-based Sunshine Behavioral Health, LLC namely SBH’s Monarch Shores location in San Juan Capistrano; Chapters Capistrano facility in San Clemente, Calif.; and Willow Springs Recovery center in Bastrop, Texas. Patients from these facilities had their data open and accessible and SBH was repeatedly informed by DataBreaches.net about this leak.

The exposed data consisted of billing details like individual's name, birth date, physical and email addresses, phone numbers, debit and credit details like card numbers with partial expiration dates and a full CVV code and health insurance information, including membership and account numbers and insurance benefits statements. Roughly, 93 Million files were released but comparatively fewer individuals were affected as patients had multiple files to their name. The news was covered by DataBreach.net yesterday, but they have been following the case since August.

An anonymous individual tipped DataBreach.net about the open database in late August and they informed Sunshine Behavioral Health regarding the leak on September 4th but to no avail. They then spoke to SBH's director of compliance, Stephen VanHooser and shortly the data was made private. But, unfortunately in November Databreach.net noticed that “the files were still accessible without any password required if you knew where to look.

And anyone who had downloaded the URLs of the files in the bucket while the bucket was exposed would know where to look.”, stated the post. The data and files were finally secured after ..

Support the originator by clicking the read the rest link below.