200,000 patient records exposed by hardcoded credentials and improper access controls