Medical Data Breach of a Different Sort:

Unfortunately, odds are good you’ve received notice at some point in your life about your data being leaked in one capacity or another—usually through someone hacking into a business database. Sometimes, the breach involves a healthcare organization, such as the massive 2016 hack into Banner Health that exposed the protected health information of nearly 3 million people. A recent large data leak affected healthcare in a different way: The breach targeted medical workers. According to Cybernews research team, a massive data leak at a Florida-based recruitment company affected more than 14,000 hospitals and medical workers. In June of 2024, the researchers discovered “an open web directory hosting a database backup belonging to MNA Healthcare. This U.S. company is known for offering staffing services for healthcare workers and connecting them with the most suitable healthcare organizations.” The scope of the leak is staggering. Cybernews reported the compromised information includes:

• data from 11,000 hospitals
• 14,000 doctors’ accounts
• 37,000 potential leads
• 11,000 job applications

The leaked sensitive data included full names, addresses, phone numbers, email addresses, dates of birth, work experience, jobs assigned by MNA Healthcare, communications with MNA Healthcare representatives, encrypted Social Security numbers (SSNs). Criminal intent may include financial fraud and identity theft. The exposed data also makes the victims more susceptible to phishing attacks and other scams. Stolen social security numbers make it easier for criminals to open credit cards, apply for loans, or provide a gateway for collecting more information. Several problems were present regarding data storage, according to Aras Nazarovas, a security researcher at Cybernews. “The data leak causes further concerns regarding the company’s infrastructure security, as the database backup for their platform was improperly stored, as well as a configuration file containing the key likely used to decrypt SSNs.” The investigation is ongoing. If you have been the victim of a data leak or identity theft, immediately report it to your local police, and online at identitytheft.gov. This online resource can help you recover from the incident and provides information so you can protect yourself against future attacks. In addition, you may wish to contact all three credit reporting agencies—Equifax, Experian, and Transunion—and put a credit freeze on your accounts. A data breach is no fun, but with the help of local and national law enforcement, you can recover your assets—and your peace of mind.