Data Breach Exposes Sensitive Information of Healthcare Workers in the USA

A misconfigured cloud server has resulted in the exposure of sensitive information belonging to tens of thousands of healthcare professionals who utilized a staffing application.

The incident, involving a cloud storage solution provided by Amazon Web Services (AWS), has affected over 86,000 healthcare workers and medical staff across 29 states in the United States. The data breach was brought to light by cybersecurity researcher Jeremiah Fowler from Cybernews, who identified the vulnerability.

Fowler discovered the unsecured database on January 4 and alerted the company, Eshyft, two days later. Despite the company's commitment to address the issue, the sensitive data remained publicly accessible for more than a month before the vulnerability was finally rectified on March 5.

The Eshyft application is designed to facilitate the swift filling of open shifts in hospitals and long-term care facilities with certified nurses and caregivers. The app has seen over 50,000 downloads on the Google Play Store and is also available in the Apple App Store.

Among the exposed records were profile pictures, identification documents, driver's licenses, Social Security cards, work hour logs, employment contracts, resumes, and medical records. This breach raises significant concerns about the potential for identity theft and other criminal activities, as the compromised information could be exploited by malicious actors.

The duration for which the security vulnerability was accessible prior to its discovery remains uncertain. Eshyft has yet to respond to inquiries from various media sources regarding the breach.