Serviceaide Leck reveals records of 500,000 Catholic health patients

An incorrectly configured database at IT IT provider of Enterprise Provider Serviceaide has uncovered sensitive health and personal information on around 500,000 (483.126) patients with Catholic health, a non-profit health system based in New York.

Serviceaide confirmed the data leak in a message published on its website, in which the incident comes from an elasticsearch database, which was accidentally made open to the public. The exposure took place between September 19 and November 5, 2024. The leak was discovered on November 15, 2024, and a complete review was only completed recently.

Although there is no confirmed evidence that the data was downloaded or abused, the company admitted that it cannot rule out this option.

What was endangered?

The exposed database contained a variety of sensitive details. Depending on the person, the data may have included:

• Full names
• Dates of birth
• Prescription data
• Social security numbers
• Health insurance details
• Health service provider information
• Treatment and clinical information
• Hospital and account numbers
• E -mail addresses, username and passwords

Serviceaide sends notification letters to data subjects for whom it has valid mailing addresses.

Expert insight

Darren Guccione, CEO of Keeer Security, commented on the broader effects of the leak.

“The volume of health and personal data, which is exposed in this incident, indicates a major problem in the entire sector. The violations like this often take years to fully assess the further developing regulations and the difficulties in persecution how data can be used across the board,” said Guccione.

He noticed that there were no signs of fraud fraud, but the type of exposed information can be reused long after the violation, which makes it essential for the victims to now take protective measures.

Next steps for patients

Serviceaide recommends that those affected monitor their credit reports, change passwords associated with their medical accounts, and consider their credit. Free credit reports can be accessed by annual creditreport.com or by phone at 1-877-322-8228.

You can find more details on the website of every company.

Serviceaide has taken steps to secure the exposed database and said that new security protocols have been added to reduce the risk of future incidents. It also works with federal supervisory authorities, including the Ministry of Health and Human Services, which publicly lists the violation of the portal for civil rights violations.

This incident shows a persistent challenge in the entire healthcare system and is closely secured by third -party systems, while they handle large amounts of sensitive data. Although health service providers and providers are working to secure their online infrastructure, a single configuration error can expose patients to long-term risks.