Researchers have discovered that a database backup belonging to Florida-based recruitment firm MNA Healthcare was unprotected online, leaving the details of thousands of workers open to anyone.
The company provides staffing services for healthcare workers and connects them with hospitals and organizations in nine states.
Experts in Cyber News He noted that the leaked information included full names, addresses, phone numbers, job titles, work experience and encrypted Social Security numbers (SSNs). Of course, SSNs are particularly concerning, as personally identifiable information can be used by criminals to carry out fraudulent activities and poses a risk of identity theft.
A vulnerable industry
The SSN encryption used “mcrypt,” which is commonly used within the Laravel web application framework, and researchers discovered an exposed environment file containing the Laravel application key. These findings suggest that it may be possible to decrypt the SSNs, putting those affected at risk.
The leaked details from the recruitment firm included information on 11,000 hospitals, 14,000 doctor accounts, 37,000 potential contacts and 11,000 job applications.
“The data leak raises further concerns regarding the security of the company’s infrastructure, as the backup of its platform’s database was stored incorrectly, as well as a configuration file containing the key likely used to decrypt SSNs,” confirmed Aras Nazarovas, a security researcher at Cybernews.
It is unclear how the information was exposed, but the leak could leave victims vulnerable to phishing attacks or scams. The healthcare industry is a particularly popular target as the services are so crucial, with Malicious actors attack hospitals at an unprecedented rate.
Since doctors often have high incomes, they are attractive targets for cybercriminals. With personally identifiable information such as social security numbers, full names, addresses, and phone numbers, malicious actors could commit financial fraud, credential theft, or identity theft. We recommend taking a look at Identity Theft Protections To safeguard your data.
