MolinaHealthcare.com Exposed Patient Records
Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn’t even require a login to view all patient records. Today we’ll examine such a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire Internet without requiring any authentication.