Ethical hackers discovered the names, addresses, social security numbers, and tax information of more than 30,000 healthcare workers in a database run by Gale Healthcare Solutions.
The personal information of more than 30,000 US healthcare workers was recently exposed through a database that was not password-protected, according to security researcher Jeremiah Fowler and a team of ethical hackers with Website Planet.
Fowler discovered a database run by Gale Healthcare Solutions with 170,239 exposed records that included names, emails, home addresses, photos, and in some cases Social Security Numbers as well as tax documents.
Gale Healthcare Solutions is a Tampa, Florida tech company that connects healthcare workers with healthcare organizations looking to hire people for certain shifts.
Fowler said the information also included forms about certain incidents, disciplines, and terminations.
“We only reviewed a limited sampling of documents and did not review each and every file. The files were hosted on an AWS cloud server and many of the registration documents were open and publicly accessible,” Fowler told ZDNet.
“The images I saw were usually of the healthcare worker’s face or ID badge, but the URL contained their full name, SSN, and a number consistent with an SSN. Here is an example of how the link appeared: .com/gale-registration-documents/documents/last_name_first_name-LPN/-SSN-*********.jpeg.