

Therapy logs, video sessions for 1.7 million American mental patients LEAKED to open web after data breach
By Ethan Huff // Sep 11, 2024

Austin-based healthcare startup Confidant Health is in the news after an estimated 5.3 terabytes worth of the company's mental health data was leaked to the open web.

The leak included more than 1.7 million activity logs, among them psychological profiles and therapy sessions for thousands of patients, along with "telehealth" audio and video files and patient driver's licenses.

Since first getting off the ground in 2018, Confidant has been promising to build "the next-generation of virtual care" for mental health patients seeking treatment for addictions and behavioral problems. Instead, Confidant botched the security of its confidential patient files by storing them in a "non-password-protected database."

Confidant currently offers clinical services to patients in Connecticut, Florida, New Hampshire, Virginia and Texas. The Confidant Health app is available on both the iOS (Apple) and Android (Google) platforms, having been downloaded some 10,000 times in the Google Play Store.


People's deepest, darkest secrets shared with the world

Cybersecurity expert Jeremiah Fowler is credited with discovering the leak. He commented that the patient audio and video files contain "some heartbreaking, really painful family trauma, personal trauma."

"It's almost like having your deepest, darkest secrets that you've told your diary revealed," he added. "It's things that you never want to get out."

As a show of respect for professional ethics, Fowler chose not to download any of the private medical information. He also did not attempt to access the password-protected databases, though he did say that a dedicated hacker could easily break in if he or she was so inclined.

"Cyber criminals have a range of tools at their disposal including brute force attacks and social engineering attempts that could potentially result in unauthorized access to those protected files and documents," Fowler further said.

What Fowler did observe as part of his investigation was a trove of publicly visible patient documents that are clearly labeled as things like psychotherapy intake notes and professional assessments on individual patient health. There are also documents outlining patient histories of mental health, substance abuse, family issues, psychiatric history and other problems.

There were also many other files included in the leak such as administrative documents and verification records, i.e., state-issued identification and insurance cards. Other files include drug tests, some with Personally Identifiable Information (PII), that show positive results for substances like cannabis and alcohol.

Much of the leaked data had been collected by Confidant's proprietary chatbots and artificial intelligence (AI), meaning robots rather than humans were in charge of it. Confidant has long bragged about its advanced chatbots and AI programs, which the company presents as an advantage rather than a drawback.

"A data-centric environment like the one we are constructing lends itself to leveraging AI to make predictive suggestions," said Confidant's co-founder Sam Arsenault Wilson in a 2022 interview. "That's where we're headed once the data reaches proper scale."

In a report he compiled for the security website vpnMentor, Fowler noted that in a random sampling of data he reviewed, the open and publicly accessible files "contained what could be considered a very serious potential risk to the personal privacy and PII of those individuals."

Fowler revealed that the approximately 1,000 files he personally reviewed, to better understand how the data breach occurred in the first place, were ones he "was able to view using only a web browser," meaning anyone can access the leaked files without any understanding of hacking.

Fowler noted that maintaining an exposed database of documents without password protection, as Confidant has been doing, is highly unusual, especially in the healthcare industry.

More related news coverage can be found at CyberWar.news.
