MedEvolve, Inc.

MedEvolve’s public FTP server exposed more than 200,000 patients’ records.

Recently, this site learned of another FTP server exposing patients’ information.

This particular FTP server belongs to MedEvolve, an Arkansas company that provides practice management software.

This FTP server was set to permit anonymous login and had no banner telling people to keep out of the files with patients’ information.

A number of clients had files on the FTP server, and in all cases but two, the files were password-protected.

More than 11,000 of the records reportedly included Social Security numbers.

A second MedEvolve client with exposed patient information on that FTP server was Dr. Beverly Held.

Dr. Held’s files consisted of three .dat files and there were about 12,000 Social Security numbers exposed in the files.

Source: https://www.databreaches.net/more-than-200000-patients-records-were-exposed-on-medevolves-public-ftp-server-researcher/

"id": "MED213017722",
"linkid": "medevolve",
"type": "Data Leak",
"date": "05/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"