Company linked to hospital data leaks buried under fallout

Washington-based Verus Incorporated, an IT company providing solutions for hospitals, went out of business after being implicated in numerous data leaks regarding clients’ patient data. The leaks, which started in April with reports coming in as late as yesterday, tell of critical lapses in server security as Verus’ IT department accidentally left the firewall turned off to a critical server during maintenance actions.

Unprotected private data, which included names, addresses and social security numbers, soon became world-visible. At one point Google indexed the data. A woman searching for the details of a deceased friend discovered the indexed information on May 22.  Soon thereafter, the first story officially broke. The 1,000 records belonged to Kennewick General Hospital in Washington. The hospital implicated Verus, who processed the hospital’s online payments.

The next day, more news broke reporting an additional 9,000 records leaked from Concord Hospital in New Hampshire. According to the report, the patient data had been freely available on the internet “for a period of time.”

Leaks continued to surface, with each reporting similar findings throughout the summer. In total, the amount of data leaked came close to 100,000 records, with the latest contributions coming in yesterday with another 31,000 records from Sky Lakes Medical Center in Oregon, according to Darkreading.

Verus’ web site is currently not responding, with all requests timing out. Calls made to Verus’ offices instead go to MedSeek, who seems to have taken over Verus’ support obligations. According to David Levin, who is the Vice President of Marketing at MedSeek, Verus’ closure may have been brewing for a while, despite the sudden shutdown that yielded no formal announcements.

“We're not sure if the breaches were the only reason why they closed down -- there might have been other issues as well,” said Levin. “But we know we got the call to support the [Verus] customers very soon after the breach was supposed to have happened."

According to Darkreading, Verus’ investors pulled the plug “eight to 10 weeks ago” and the company quickly disbanded.

“All of the breaches were the result of an IT error, as opposed to any problems with the software,” said Levin. “They made a huge mistake, and it literally shut the company down. It's really a cautionary tale.”

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller

Latest Blog Posts

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki