DATABREACHES [.]Net reports a fresh breach preview from Lena Health, with a full leak promised soon. The post notes Lena Health stored 2,134 patients’ complete PHI in an unencrypted database export sitting in a public-facing S3 bucket, alongside 19,542 audio recordings of vulnerable elderly patients discussing medical issues. The breach also includes 68 hospital discharge documents, 1,380 phone numbers linked to vulnerable patients, and associated API keys and staff login credentials.
The information includes complete patient identities with dates of birth, MRNs and case session numbers, call recordings with medical discussions, and prescriptions for controlled substances, among other sensitive data. Houston Methodist Hospital is identified as Lena Health’s main client, with the post indicating the intent to coordinate a class action and to press Houston Methodist to cease usage of Lena Health’s “digital helper” system.
The post repeatedly emphasises the disturbing nature of the data exposed and describes the breach as involving a public-facing exposure of PHI and related data.