LEHI, Utah — A Consumer privacy watchdog, “Comparitech,” found that Lehi based company Premier Diagnostics was storing sensitive customer information on a publicly accessible server, leading to a potential data breach for over 50,000 customers.
“This data could be in anyone’s hands now,” said Paul Bischoff, editor of comparitech.com. “So, your ID and your medical card are probably somewhere on the dark web.”
Premier Diagnostics operates 11 COVID-19 testing sites across northern Utah. In order to get tested, customers must submit front and back pictures of their insurance ID cards, as well as driver’s licenses, passports or other forms of ID.
“They take a photo of your ID, the front and back of your ID and the front and back of your medical insurance card,” Bischoff said. “They had stored all that data on a server that was publicly accessible online without a password.”
Read: Utah Co. moves to moderate COVID-19 transmission level
Anyone with the knowhow, like cyber criminals, could access all of that personal and private data with minimal effort.
“We don’t know for sure that any malicious parties got to it, but we’ve run honeypot experiments before where we see activity on that sort of unsecured data within a matter of hours,” Bischoff added. “It took them a few days to get it secured.”
Comparitech found that roughly 52,000 Premier Diagnostic patients were affected by the possible breach.
“That’s based on there being about 207,000 total images in the database,” Bischoff said. “That’s four images per person, the front and back of two pieces of ID.”
He said the issue was discovered by a Comparitech researcher, who scans the internet for unsecured databases, on Feb. 22.
“The data was finally secured on March first,” Bischoff said. “So, we know it was exposed between February 22nd and March first.”
More than enough time for internet thieves to get their hands on the data, according to Bischoff.
Read: Cox demands Utahns not be ‘jerks’ with pandemic finish line in sight
“It’s low-hanging fruit; it’s really easy,” he said. “They use the same tools that we do, that we use to find the database in the first place, they use the same tools to find it and steal it.”
Bischoff said luckily there was no payment information tied to the database, but he is concerned about the possible leak of thousands of patient’s medical insurance ID cards.
“Medical insurance fraud is a crime that people can perpetrate using someone else’s insurance, basically identity theft, to get prescription drugs or things like that,” he added.
If you received a COVID-19 test from Premier Diagnostics, Bischoff recommends keeping an eye on future medical bills for any suspicious charges.
Premier Diagnostics has not responded to FOX 13’s requests for comment on the issue at the time this story was published.
This is a developing story; updates will be posted as they are received.