American Company that Leaked Medical Data to Pay $7 Million Settlement to Victims of Data Breach


An American company that leaked medical data from 136,000 patients has reached a $7 million settlement with the individuals affected. A Dutch hacker uncovered the data in a repository on GitHub, which included sensitive medical information and social security numbers.

The Dutch security researcher Jelle Ursem, known as Schizoduckie on Tweakers, uncovered the data in 2020 in a publicly accessible GitHub repository. The data belonged to the American company MedData, which provides billing software for healthcare facilities in the United States. An employee of the company uploaded patients' personal data to GitHub between December 2018 and September 2019, including names, addresses, health information, and social security numbers. The repository contained information on a total of 135,908 patients.

After discovering the data, Ursem attempted to contact MedData. Initially, the company did not respond, but it eventually removed the data from the public repository. It is unclear whether this action completely removed the data, as in certain instances it may also have been archived in the GitHub Arctic Code Vault.

Reports from Top Class Actions indicate that MedData has now settled with the affected individuals. While the company does not admit any wrongdoing, it has agreed to provide seven million dollars in compensation. Victims who can demonstrate harm caused by the data breach may claim up to five thousand dollars, as well as receive five hundred dollars for the time spent addressing issues such as changing passwords or monitoring credit reports. Additionally, all victims are offered a data monitoring service.

Jelle Ursem is a hacker associated with the Dutch Institute for Vulnerability Disclosure, known for discovering sensitive data in public repositories. Ursem was interviewed by Tweakers in 2022 about his findings and practices.