Exposed Database Contains Confidant Health’s Mental Health and Substance Abuse Treatment Data

Cybersecurity researcher Jeremiah Fowler recently discovered an exposed healthcare database. The 5.7 TB of mental health and substance abuse treatment data stored in the database was accessible online without any password protection. Fowler traced the database and found that it belongs to Confidant Health. This Austin, TX-based firm provides an AI-driven system that finds psychiatrists, therapists, and addiction treatment providers for patients in Connecticut, New Hampshire, Florida, Texas, and Virginia.

Fowler discovered approximately 126,000 files and 1.7 million logs in the database that contained the personally identifiable information of patients, healthcare specialists, and therapists. The exposed data included names, addresses, state IDs, driver’s license details, Medicaid cards, prescription drugs, health records, drug test data for specific substances, and text transcripts and audio recordings of therapy sessions. The data maintained by Confidant Health was associated with the following services it provides: alcohol rehab, an online suboxone clinic, pre-addiction treatment, behavior change, opioid withdrawal management, a recovery coach, and medication-aided treatment.

The breach of sensitive patient information presents a threat to privacy and may bring about several negative outcomes, such as identity theft, extortion, and blackmail. Criminals could misuse this data to open fake accounts, submit bogus insurance claims, or intimidate patients by threatening to disclose their mental health details and take advantage of their vulnerabilities.

A few hours after Fowler informed Confidant Health of the data breach, the company restricted access to the database. The duration of the data exposure is unknown. It is also unclear whether the breach involved unauthorized access by individuals. There is no information about the nature of the database or whether Confidant Health or a third-party company maintained it. Confidant Health is a registered HIPAA-covered entity that has a HIPAA Seal of Compliance. The data breach report was not yet posted on the HHS Office for Civil Rights breach portal.

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.
