Cybersecurity Researcher Jeremiah Fowler uncovered a non-password-protected database that contained 148,000 records belonging to InHouse Physicians.
InHouse Physicians is a global provider of innovative onsite healthcare solutions that assist corporations in reducing healthcare claims. Using a value-based approach, our “next generation” worksite clinics reduce healthcare costs while improving health outcomes that matter most to patients.
The database contained documents indicating if the person was cleared to enter an event or tested positive for COVID-19 and denied entry and included names and phone numbers.
According to the researcher, The non-password-protected database contained 148,415 PDF documents totaling 12 GB. Each document included the individual’s name and indicated whether they were cleared or denied entry to conferences, events, or other functions based on the results of medical screenings.
The documents indicating denials included instructions on what to do if the individuals were experiencing symptoms of COVID-19. Each document contained the logo and phone number of Illinois-based InHouse Physicians.
This data breach raises significant concerns for InHouse Physicians’ patients. Public disclosure of COVID-19 status can be highly sensitive and lead to discrimination or social stigma.
Additionally, exposed names, phone numbers, and event details make patients vulnerable to identity theft and targeted scams.
