Systema Software, which provides software solutions for claims management, is investigating a breach (although it was discovered, accessed and confirmed by an independent third party) involving information of 1.5 million people, including 1 million residents of Kansas. The information, including names, addresses, phone numbers, Social Security numbers, claims data, drug test results, medical services provided, dates of treatment, claimant ID numbers, payment information, rejection of claims and details of how the insurance carriers would defend certain claims were posted to the cloud via Amazon Web Services.

According to the individual who discovered the breach, the posted data included details of “more than 5 million financial transaction, over 1000 entities that had data exposed, and hundreds of thousands of injury reports.” In addition,  the data included “tons of financial transaction data, bank accounts with routing numbers, and check numbers.” The posting appears not to have been caused by hackers, but instead by human error.

Systema Software contends that only the one individual had gained unapproved access to the data storage system. Nonetheless, this isn’t the first story about human error causing highly sensitive data to become exposed and posted on the Internet.  It is important to put procedures in place to mitigate this risk in an organization