A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.
The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.
The breach, first reported by WIRED, involved PII, such as patient names and addresses, but also sensitive information like audio and video recordings of therapy sessions, detailed psychiatric intake notes and comprehensive medical histories.
WIRED's reporting showed how horrifically compromising some of the information was: “One seven-page psychiatry intake file… details issues with alcohol and other substances, including how the patient claimed to have taken… narcotics from their grandparent’s hospice supply before the family member passed away,” the article states. “In another document, a mother describes the ‘contentious’ relationship between her husband and son, including that while her son was using stimulants, he accused her partner of sexual abuse.”
IBM’s 2024 Cost of a Data Breach report highlights that 46% of breaches involved customer PII. The report also notes a significant increase in the cost per record for intellectual property (IP) data, jumping from $156 to $173.
But the level of exposure in the Confidant Health incident represents a significant escalation in the potential harm to affected individuals, far surp ..