Data Security, Privacy

Misconfiguration exposes Confidant Health’s mental health records

A silhouette of a person's head with a heart-shaped puzzle for a brain is held in the hands of two people.

U.S. virtual healthcare provider Confidant Health had 5.3 TB of data containing sensitive health information and therapy session videos and audio exposed due to an unsecured database, according to Wired.

More than 120,000 files and over 1.7 million activity logs leaked by the database revealed Confidant Health patients' psychiatry intake notes, medical histories, disclosures of alcohol and other substance abuse, moods, memory, medications, and overall mental state, said cybersecurity researcher Jeremiah Fowler. Fowler also noted the presence of several admin and verification files, as well as logs that seemed to be obtained via artificial intelligence or chatbots although some of the exposed files were protected by passwords. Such a misconfigured database has been secured within an hour of being informed by Fowler, noted Confidant Health co-founder Jon Read, who added that only less than 1% of the files, included synthetic training data and faxes, were accessible and emphasized that there has been no indication of any patient record compromise.

You can skip this ad in 5 seconds