Thousands of medical records leaked online — including whether people tested Covid positive

An abstract image of a database
(Image credit: Image Credit: Pixabay)

InHouse Physicians, an Illinois-based healthcare provider that offers on-site medical services and wellness programs to organizations, was leaking sensitive data online via an unprotected database that was available to anyone who knew where to look.

A report from Website Planet and cybersecurity researcher Jeremiah Fowler recently found a non-password-protected database containing 148,000 records belonging to the healthcare company.

The archive contained people’s full names, their phone numbers, and whether or not they were cleared to enter an event, or tested positive for Covid-19 and denied entry. The entire database was 12GB heavy, and was locked down soon after Fowler reached out.

SIM-swapping and identity theft

“In the publicly exposed PDF files, I saw information indicating statuses of attendees for a wide range of events such as investor forums, family planning services, and other potentially sensitive sectors that could be high-value targets for cyber criminals,” Fowler explained.

While exposing “just” names and phone numbers might not sound like much, it’s more than enough for skilled cybercriminals. Fowler said he used free search engine and open source tools available to the general public and fed them the obtained information. They returned further identification details, helping him create an even bigger profile of potential targets. 

Furthermore, knowing a person’s phone number opens them up for potential SIM-swapping attacks, which are often used to bypass multi-factor authentication and access high-value accounts such as banking, social media, or business platforms. 

Unsecured databases remain one of the most common and most destructive causes of data leaks. For example, in mid-April 2024, taxi firm iCabbi exposed sensitive information on more than 300,000 taxi passengers in the UK and Ireland. This database was also discovered by Fowler, who confirmed it contained more than 20,000 records, and included Personally Identifiable Information (PII) such as names, emails, and phone numbers. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
healthcare
Over a million clinical records exposed in data breach
Data Breach
Thousands of healthcare records exposed online, including private patient information
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Data leak
Popular online bill paying site leaks data of thousands of users
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
Top collectibles site leaks personal data of nearly a million users
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI