205,000 patient records exposed on misconfigured FTP server

MedEvolve, a practice management software vendor, exposed the data of 205,000 patients due to a misconfigured FTP server. The server allowed anonymous login, did not require login credentials, and failed to display a banner warning users to keep out of patient files. Out of the exposed database, two clients – Premier Urgent Care and Beverly Held, MD – were left without password protection. The database contained over 11,000 records with Social Security numbers. The issue has been resolved and the company is working to prevent recurrence and protect patient data.