Data leak exposes 14,000 US medical professionals: what we know so far


A massive data leak at a Florida-based recruitment company has affected more than ten thousand hospitals and medical workers.

On June 20th, the Cybernews research team discovered an open web directory hosting a database backup belonging to MNA Healthcare.

The US company is known for offering staffing services for healthcare workers and connecting them with the most suitable healthcare organizations. It currently operates in nine states.

The leak was caused by a misconfiguration of the company’s systems, which exposed files that were not meant to be publicly accessible. The database backup, dated June 2nd, 2024, contained a vast amount of personal data, putting medical professionals at risk.

The leaked sensitive data included:

  • Full names
  • Addresses
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Work experience
  • Jobs assigned by MNA Healthcare
  • Communications with MNA Healthcare representatives
  • Encrypted Social Security Numbers (SSNs)
  • Hashed temporary passwords to access the platform

Since doctors in the US earn an average of around $350K a year, they’re particularly attractive targets for cybercriminals. The leaked information could have been exploited by malicious actors to compromise accounts, carry out credential stuffing, and engage in financial fraud and identity theft.

Additionally, the exposed data could have facilitated phishing attacks, spam campaigns, and various scams, posing significant risks to the affected individuals.

List of hospitals and medical institutions that MNA Healthcare works with
Doctor and MNA Healthcare employee profiles
Document names, including license copies, and resumes

Threat of identity theft

The SSNs of medical staff were among the leaked data, which is a major cause for concern. While the numbers were encrypted, this does not guarantee security.

The data was encrypted using the encryption type known as ‘mcrypt’, commonly used by the Laravel Web application framework. After a thorough investigation, researchers found an exposed environment file (.env) containing the Laravel App Key, likely used to encrypt healthcare workers' SSNs.

The discovered information strongly suggests that it would be possible to successfully decrypt the encrypted SSNs.

A possible SSN decryption key was leaked on another endpoint, along with credentials to a different database.
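
As an added example (not from the Cybernews report or from MNA Healthcare), the following defender-side audit walks a web document root and flags the two exposure types described above: a stray database backup and a Laravel .env file holding APP_KEY. The file patterns, function names and sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed patterns for files that should never sit under a web document root.
RISKY_NAMES = re.compile(r"(^\.env(\..+)?$)|(\.(sql|dump|bak|tar|tgz|zip)(\.gz)?$)", re.I)
# Secret-bearing names in a Laravel-style .env (APP_KEY is the encryption key).
SECRET_KEYS = re.compile(r"^\s*(APP_KEY|DB_PASSWORD|[A-Z0-9_]*SECRET[A-Z0-9_]*)\s*=\s*\S", re.M)


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not RISKY_NAMES.search(name):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if re.match(r"\.env(\.|$)", name, re.I):
                with open(path, "r", errors="replace") as fh:
                    keys = sorted({m.group(1) for m in SECRET_KEYS.finditer(fh.read())})
                # Report the variable names only, never the secret values.
                reason = "env file with secrets: " + ",".join(keys) if keys else "env file"
            else:
                reason = "backup or dump file"
            findings.append((rel, reason))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout: a web root with a stray backup and .env."""
    samples = {
        "index.php": "<?php echo 'ok';",
        ".env": "APP_NAME=demo\nAPP_KEY=base64:PLACEHOLDER\nDB_PASSWORD=placeholder\n",
        "backups/db-2024.sql.gz": "constructed placeholder, not a real dump",
        "css/site.css": "body{}",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_webroot(tmp))
```

Any finding under a publicly served directory means the file should be moved outside the document root, and a flagged APP_KEY should be treated as compromised and rotated.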

SSNs play a crucial role in verifying personal identity in the US, so leaking them poses a considerable risk of identity theft. Threat actors might use stolen SSNs to open credit accounts, apply for loans, engage in other fraudulent activities under your name, or use your SSN as a gateway to collect more personal information.

Stolen SSNs can be used to file false tax returns and claim refunds, causing complications with legitimate tax filings. Employment fraud is also a concern, with potential misuse of your SSN to secure benefits or falsify employment records.

“The data leak causes further concerns regarding the company's infrastructure security as the database backup for their platform was improperly stored, as well as a configuration file containing the key likely used to decrypt SSNs,” said Aras Nazarovas, a security researcher at Cybernews.

“It suggests other similar security issues may be present in the company's infrastructure.”

Cybernews has contacted the company, and the misconfiguration has been secured. An official comment has yet to be received.

Email content and call logs