Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years.
The California-based firm, which has performed over 500,000 blood tests, is notifying an undisclosed number of individuals that an employee inadvertently exposed their private medical data.
The data, which included patient names, ages, medical record numbers, treatment details, and test results, was related to samples collected in late 2019 and 2020.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
Guardant admits the information was mistakenly uploaded by an employee and left exposed from October 5, 2020, to February 29, 2024, before being discovered
Compounding the severity of the breach, Guardant warns that the exposed patient data was accessed and copied by “unidentified third parties” between September 8, 2023, and February 28, 2024.
According to the BitDefender reports, this raises serious concerns about potential fraud, identity theft, and privacy violations for the cancer patients affected.
Many of the impacted individuals are likely unaware that Guardant was even storing their data, as their samples were sent for testing by their physicians and hospitals.
While the company states that financial information and Social Security numbers were not included, criminals could exploit the sensitive medical data alone.
Guardant has not disclosed the total number of patients affected or explained how such a glaring security lapse went unnoticed for so long.
The company advises patients to monitor their medical statements for irregularities, but this generic guidance provides little reassurance.
The breach at Guardant Health is the latest example of how third-party vendors can put patients’ highly personal medical data at risk when proper security controls are not in place.
With the frequency and costs of healthcare data breaches rapidly rising, companies entrusted with sensitive patient information must prioritize data protection.
As a result of this incident, Guardant Health now faces potential legal action, financial penalties, and a loss of patient trust.
Law firms have already announced they are investigating the breach on behalf of affected individuals.
This breach is an unfortunate reminder that in the age of digital health data, a single-employee mistake can have devastating privacy consequences for vulnerable patients.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two…
Google has once again raised the bar for mobile security by introducing two new AI-powered…
Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and a…
Google Cloud has announced a significant step forward in its commitment to transparency and security…
GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community Edition…