Touchstone Medical Imaging is a medical firm based in Brentwood, Tenn., that provides services such as MRI, CT scans, ultrasound and mammography. Today the company announced that it suffered a data breach as the result of an open share that was exposed to the Internet.

This shared folder contained billing information of patients including Social Security numbers, names, addresses, dates of birth, and phone numbers. Touchstone states that no medical information records were stored in this folder; however, the company makes no mention of possible financial information being stored. It is a fair question, as they indicated that the information was billing related.

This was a breach notice that took a very long time to come to light. The company became aware of the breach in May of 2014. Here we are five months later reading about it because the company did not think that any of the data had been accessed. But in September the company “obtained new information” that suggested that the information could have been accessed. They further note that “health insurer name, radiology procedure and diagnosis” was included while saying that medical information was not included. The pieces do not fit together smoothly in this story.

Touchstone states, “We deeply regret any inconvenience this may cause you. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.”

This begs a couple of questions. Why was an individual user able to share this folder on the Internet? Why were there no preventative controls in place, such as a firewall, to combat this failure in judgement?
It strikes me that there is more here that needs to be addressed than simply security awareness training for their employees.

The company has committed to provide credit monitoring to all affected patients in this case and they will be getting in touch with them.