Private Information of Thousands of Children Exposed in Medical Software Data Breach

Jeremiah Fowler

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

2 minutes read
Private Information of Thousands of Children Exposed in Medical Software Data Breach - Security Discovery

Recently I discovered a non-password protected database that contained over 16,000 records. These records contained personally identifiable information (PII) of children. This information included their names, date of birth, Patient ID number, home address, school attended, special needs, medical diagnoses, behavioral or social problems, and more data that appears to be recent. Upon further research references to Tridas eWriter. According to online sources; The Tridas Group LLC offers software that works with schools and parents to facilitate the diagnosis and management of children with ADHD, Autism, learning challenges, and other disorders or common conditions.

The findings appeared to be a collection of records from Tridas eWriter questionnaires completed by parents, which the Tridas Center (where assessments of children would take place) suggested should be completed before the first evaluation appointment. I sent a responsible disclosure notice to several contacts of the now closed Tridas Center and public access was restricted shortly after, but no one replied to my responsible disclosure notice.

The database included the following:

My full report can be seen here:

← Back to Blog

Got your attention?

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.

Address
Business Development
Virginia, United States
Address
Research & Development
Kyiv, Ukraine
Address
Technical HQ
Hamburg, Germany