Grand Street Medical Associates
A large amount of patients' protected health information (PHI) was exposed through an unsecured FTP server. The exposure was discovered by Justin Shafer, who notified Grand Street Medical Associates (GSMA). GSMA went on to contact DataBreaches.net in March of the same year. It was estimated that more than 14,600 files, amounting to more than 20 GB of data, were exposed. Each of the files skimmed by DataBreaches.net contained PHI on several patients. The files appeared to come from an effort to scan and digitize patients' paper records from December 2011.
Figure 1: Some of the files exposed
Most of the exposed files contained patients' demographics. The files also contained PHI of unique patients. Additionally, for most of the patients whose files were exposed, the forms included questions about whether they had recently visited the lab or had any bloodwork. The forms also required the patients to provide information such as name, marital status, date of birth, age, gender, address, and occupation, among other sensitive information. About half of 65 patients whose forms were exposed provided the requested information without giving it much thought. Other patients, on the other hand, provided insurance information in the way it was requested. For most of the patients, there were also copies of insurance cards and driver's licenses. The matter became even worse because more than 14,000 files appeared in the Google index, while more than 6,300 other files appeared in the Filemare index. Below is the Google index:
Figure 2: Google Index