Security researcher Jeremiah Fowler and the Website Planet team discovered an unsecured database belonging to Deep6.ai, an American medical artificial intelligence platform, containing 886,521,320 records.
The total size of the dataset was 68.53 GB and contained U.S.-based medical-related data. The type of data collected was divided into the following sections:
Date, document type, physician note, encounter IDs (An interaction between a patient and healthcare provider(s) to provide healthcare service(s)), patient ID, note, UUID, patient type, doctor notes, date of service, note type (example Nursing/other), and detailed note text.
Some of this information was encrypted, but the notes and physician information were in plain text. The danger, Fowler says, would be if the patient ID were decrypted and the identity was exposed, making it clear to see their medical issues or diagnoses.
The doctor notes, Fowler says, provided highly intimate details of patient illness, treatment, medication, family, social and even mental health issues.
According to Fowler, the database was at risk of a ransomware attack and was publicly accessible to anyone with an internet connection.