Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Thousands of US medical professionals have data exposed in major data breach

A medical professional working on a digital device with icons floating in the air.

Researchers have found a database backup belonging to Florida-based recruitment company MNA Healthcare left unsecured online, leaving the details of thousands of workers open to anyone.

The company offers staffing services for healthcare workers and matches them with hospitals and organizations across nine states.

Experts at Cybernews noted the leaked information included full names, addresses, phone numbers, job titles, work experience, and encrypted Social Security numbers (SSNs). Of course, the SSNs are particularly worrying, as the personally identifiable information can be used by criminals to carry out fraudulent activities and presents a risk of identity theft.

A vulnerable industry

The encryption on the SSNs used ‘mcrypt’, which is often used by the Laravel Web application framework, and researchers discovered an exposed environment file containing the Laveral App Key. These findings suggest it would be possible to decrypt the SSNs, putting those affected at risk.

The leaked details from the recruitment company included info from 11,000 hospitals, 14,000 doctors accounts, 37,000 potential leads, and 11,000 job applications.

“The data leak causes further concerns regarding the company's infrastructure security as the database backup for their platform was improperly stored, as well as a configuration file containing the key likely used to decrypt SSNs," Aras Nazarovas, a security researcher at Cybernews confirmed.

It’s not clear how the information was exposed, but the breach could leave victims vulnerable to phishing attacks or scams. The healthcare industry is a particularly popular target since services are so crucial, with malicious actors hitting hospitals at an unprecedented rate.

Since doctors tend to be high earners, they are attractive targets to cyber criminals. With personally identifiable information like SSNs, full names, addresses, and phone numbers, malicious actors could engage in financial fraud, credential stuffing, or identity theft. We recommend taking a look at identity theft protections to safeguard your data.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.