A non-password protected database containing 957,000 records from Freedom Healthcare Staffing in Aurora, Colorado has been found.
Security researcher, Jeremiah Fowler discovered the database on September 16 – to which it contained intimate details of employees, internal notes, possible internal email communications, job seeker and recruiter data, IP addresses, ports and pathways.
“In a sampling of the documents I read for verification purposes, I saw failed drug tests (without prescriptions for those drugs), a nurse being accused of taking a patient’s painkillers, complaints about a hospital’s illegal interference in nurses trying to unionize, and many more complicated situations,” Fowler wrote.
Fowler added that in one document a manager had cited a news article of a nurse who had been arrested, to which the manager then instructed an employee to check if that nurse’s name was in their system or if the nurse had ever worked for Freedom Healthcare Staffing.
“These notes were so detailed that several records I saw even contained Social Security Numbers in plain text.”
Fowler notified the company and soon after the database was secured.
It remains unclear as to if Freedom Healthcare Staffing has informed their employers, partners or the authorities about the data exposure. Additionally, it remains unknown as to how long the data was exposed for, and who may have gained access to the database – which is rather worrying, given the sensitive nature of the information discovered.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/