InfoSecBulletin Cybersecurity for mankind
Archer Health, a US provider of in-home and palliative care, left an unsecured database online, exposing sensitive personal and health information to anyone who could find it, experts say. Cybersecurity researcher Jeremiah Fowler alerted WebsitePlanet after discovering the database and assisting in securing it.
Fowler discovered an unprotected database with about 145,000 files, including PDFs and PNGs. It contained documents like assessments, home health certifications, care plans, and discharge forms.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Locking the database down:
These files, totaling 23GB, included names, patient IDs, SSNs, addresses, phone numbers, and other personal information. They also contained diagnoses and treatment details.
Archer Health, or Archer Home Health, offers in-home medical services including skilled nursing, therapy, nutritional guidance, social work, home health aides, and wound care.
They offer palliative care that emphasizes symptom relief, managing the disease, comfort, and support for those with serious or chronic illnesses.
After Fowler contacted them, the company secured the database and thanked him for the alert.
“Thank you for bringing this to our attention,” Archer Health told Fowler. “We take data security and patient privacy very seriously. Our team is actively investigating this matter and will address any security issues promptly.”
Unless a forensic analysis is conducted, we cannot determine if the database was accessed prior to Fowler finding it. There is no proof that the database was leaked on the dark web. Additionally, we are unsure how long the archive was open or who operated it, whether it was Archer Health or someone else.
