Unsecured Amarin and Medico Database Resulted in Potential PHI Disclosure

A database which comprises of the personal information of men and women who expressed interest in Vascepa®, a cholesterol drug manufactured by Amarin Pharma, was exposed online.

The database, which a third party vendor maintained, had the following data: complete names, addresses, email addresses, telephone numbers, a copay card for Vascepa® and prescription drugs details.

Amarin learned about the breach from the media reports which talked about an exposed database containing information on Amarin customers and immediately initiated an investigation. The firm determined without delay which database was compromised and stopped the active data feeds and properly secured the database.

Based on the vendor’s investigation, the database was misconfigured so that it became publicly open online on May 2, 2018 to June 20, 2019.

The investigators likewise reported the unauthorized access of the database by a third party from May 29, 2019 up to June 20, 2019, and the copying of some information during data breach.

Amarin and its vendor are still investigating the breach. The database remains inaccessible online since more safety features must be put in place to avoid further unintentional data disclosures.

vpnMentor stated that the database contained the information of close to 78,000 people. Another database, which contained transaction data, was also compromised.

Medico Database Exposed Online

UpGuard security researchers found an unprotected Amazon S3 bucket exposing its database. The database has around 14,000 documents containing medical, personal and financial information. The database belongs to Medico, a billing and insurance data processing a vendor.

The database had made accessible text files, spreadsheets, documents, images, and PDF files. The files included details of names, contact information, banking data, insurance information, usernames, passwords, Social Security numbers, other personal data, medical data, and medication data. Majority of the information was from 2018.

Upon receiving UpGuard’s notification regarding the unprotected Amazon S3 bucket, the vendor promptly secured its database and files. There was no report of unauthorized access of information prior to the discovery of the breach by UpGuard researchers.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA