A misconfigured and unprotected database belonging to Archer Health Inc. (a California-based in-home healthcare provider) exposed over 145,000 sensitive files (23GB) containing patient records, including names, Social Security numbers (SSN), addresses, phone numbers, medical histories, patient IDs, care plans, discharge forms, and internal communications. Some folders were explicitly labeled with patient names, while others included screenshots of healthcare management dashboards revealing scheduling, provider details, and confidential records. The exposure discovered by researcher Jeremiah Fowler posed severe risks such as identity theft, fraud, and HIPAA violations. Though the database was secured within hours of notification, the duration of exposure and potential unauthorized access remain unknown. Patients face long-term risks if their data was copied or exploited, while the company may encounter legal repercussions, including lawsuits under privacy laws, similar to cases like IMDataCenter’s AWS bucket breach.
Source: https://hackread.com/archer-health-data-leak-23gb-medical-records/
TPRM report: https://www.rankiteo.com/company/archer-health-inc
"id": "arc1732117092625",
"linkid": "archer-health-inc",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'thousands (exact number '
'unclear; 145,000+ files '
'exposed)',
'industry': 'in-home healthcare and palliative care '
'services',
'location': 'California, USA',
'name': 'Archer Health Inc. (Archer Home Health)',
'type': 'healthcare provider'}],
'attack_vector': 'misconfigured/unsecured database (lack of encryption or '
'password protection)',
'data_breach': {'data_encryption': 'no (database was unencrypted)',
'data_exfiltration': 'unconfirmed (no evidence provided, but '
'risk exists due to public exposure)',
'file_types_exposed': ['patient assessments',
'certifications',
'care plans',
'discharge forms',
'internal communications',
'screenshots (healthcare management '
'software dashboards)',
'faxed orders',
'referrals'],
'number_of_records_exposed': '145,000+ files (23 GB)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers (SSN)',
'addresses',
'phone numbers',
'patient ID numbers'],
'sensitivity_of_data': 'high (includes SSNs, medical '
'histories, patient IDs, and internal '
'healthcare dashboards)',
'type_of_data_compromised': ['medical records',
'personally identifiable '
'information (PII)',
'protected health information '
'(PHI)']},
'description': 'A large cache of medical and personal information belonging '
'to patients of Archer Health Inc. (also known as Archer Home '
'Health) was left publicly accessible due to an unsecured '
'database without encryption or password protection. The '
'exposure, identified by cybersecurity researcher Jeremiah '
'Fowler, included over 145,000 files (23 GB) containing highly '
'sensitive data such as patient assessments, home health '
'certifications, care plans, discharge forms, internal '
'communications, and screenshots of healthcare management '
'software dashboards. The exposed data included names, Social '
'Security numbers (SSN), addresses, phone numbers, patient ID '
'numbers, medical information, scheduling details, provider '
'information, and patient records. The database was secured '
'after Fowler reported the issue to Archer Health, but the '
'duration of exposure and potential unauthorized access remain '
'unclear.',
'impact': {'brand_reputation_impact': 'potential long-term damage due to '
'exposure of highly sensitive medical '
'and personal data',
'data_compromised': ['patient assessments',
'home health certifications',
'care plans',
'discharge forms',
'internal communications',
'screenshots of healthcare management '
'software dashboards',
'names',
'Social Security numbers (SSN)',
'addresses',
'phone numbers',
'patient ID numbers',
'medical information',
'scheduling details',
'provider information',
'patient records'],
'identity_theft_risk': 'high (due to exposure of SSNs, medical '
'records, and personal identifiers)',
'legal_liabilities': ['potential violations of HIPAA',
'risk of lawsuits similar to IMDataCenter '
'case (e.g., privacy and data protection '
'claims)'],
'systems_affected': ['database hosting 145,000+ files (23 GB)']},
'investigation_status': 'ongoing (company stated it is investigating the '
'issue)',
'post_incident_analysis': {'root_causes': ['misconfigured database (lack of '
'encryption/password protection)']},
'references': [{'source': 'Website Planet (report by Jeremiah Fowler)'}],
'regulatory_compliance': {'legal_actions': ['potential lawsuits (e.g., '
'privacy/data protection claims)'],
'regulations_violated': ['potential HIPAA '
'violations']},
'response': {'communication_strategy': ['acknowledged issue publicly via '
'statement to Website Planet'],
'containment_measures': ['restricted access to the unsecured '
'database'],
'incident_response_plan_activated': 'yes (company acknowledged '
'notification and restricted '
'access within hours)'},
'title': 'Archer Health Inc. Unsecured Database Exposure',
'type': ['data breach', 'unsecured database exposure'],
'vulnerability_exploited': 'improper access controls (publicly accessible '
'database)'}