84
HEALTHCARE
NEWS
Patient data from EHR vendors found for sale online
By Jackie Drees
G
oogle Chrome and Mozilla Firefox browser extensions were
used to extract and sell users' personal information from
more than 50 companies, including EHR providers DrChro-
no and Kareo, according to e Washington Post.
Washington Post technology columnist Geoffrey Fowler and
independent cybersecurity researcher Sam Jadali examined the
cybersecurity leak. In Mr. Jadali's report "DataSpii: e catastrophic
data leak via browser extensions," he noted six Chrome and Firefox
browser extensions that shared users' data with marketing intelli-
gence service Nacho Analytics, which offered access to website data
for $49 a month, according to the report. Collectively, the six browser
extensions gathered data from more than 4 million users. e names
of the browser extensions are Hover Zoom, SpeakIt!, SuperZoom,
SaveFrom.net Helper, FairShare Unlock and PanelMeasurement.
DrChrono, an EHR vendor, and Kareo, an EHR management
soware, were listed among the companies whose users' data was
exposed on Nacho Analytics' website. From DrChrono, Mr. Fowler
and Mr. Jadali found information including patient names, physician
names and medications listed. Kareo information exposed were pa-
tient names. Kareo told the Post it is working to remove names from
its website page data, according to the report.
Since notifying Google and Mozilla of the cybersecurity leak, Google
remotely deactivated seven browser extensions and Mozilla deacti-
vated two, the Post reports. Mozilla also deactivated a browser exten-
sion in February.
A few days aer the browser extensions were shut down, Nacho Ana-
lytics posted a statement to its website that it experienced a "perma-
nent" data outage and it is no longer accepting new clients, according
to the report.
n
Six browser extensions gathered
data from 4 million users. Access
to the data was available on a
website for $49 per month.
