Medical platform ‘leaks’ nearly 100,000 healthcare professionals’ personal data

The leak exposed sensitive information that would have been useful for hackers, including healthcare workers’ full names, personal email addresses, job titles, and work addresses.

Medical workers in Germany get ready as the WHO warns that the Omicron could overwhelm health systems across the world - Copyright KARENNI NATIONALITIES DEFENSE FORCE (KNDF)/AFP Handout

The security research team at VPNOverview has uncovered a data breach that could have compromised nearly 100,000 doctors, nurses, and other healthcare professionals working at major hospitals across the U.S. VPNOverview has reached out to Digital Journal with details.

VPNOverview contacted PlatformQ in February 2022 to inform them of the breach, but received no response. The researchers found that PlatformQ had removed access to the database and spreadsheet files by April 2022, thereby sealing the leak.

According to VPNOverview, PlatformQ accidentally published a database backup file in a misconfigured AWS S3 bucket. The file was believed to contain marketing for the drug Zarex.

The leak exposed sensitive information that would have been useful for hackers, including healthcare workers’ full names, personal email addresses, job titles, work addresses, phone numbers and NPI numbers. An NPI is a 10-digit number used to identify a person to their healthcare partners, including all payers, in all HIPAA standard transactions (HIPAA is the Health Insurance Portability and Accountability Act of 1996).

Such identifiers can also be used to search publicly available government databases that provide even more detailed information on individual medical professionals, such as mailing addresses, practice addresses, and other identifiers.

In total, workers’ information from 255 different hospitals across the U.S. was exposed. Some of the hospitals affected include:

Hospitals Affected
Yale New Haven Hospital
Cleveland Clinic
Barnes-Jewish Hospital
Johns Hopkins
Mount Sinai Medical Center
Beaumont Hospital
Saint Francis Hospital
Memorial Hermann-Texas Medical Center
Tampa General Hospital
Massachusetts General Hospital
Duke University Hospital
Miami Valley Hospital
MedStar Washington Hospital Center
Houston Methodist Hospital
Medical City Dallas
Northwestern Memorial Hospital
Henry Ford Hospital
New York Presbyterian Hospital
University of Maryland Medical Center
Hackensack University Medical Center

Mirza, a privacy expert at VPNOverview, tells Digital Journal: “Our discovery identifies doctors, nurses, and other healthcare workers at major hospitals, among others, across the US. What makes it distinct is that we came across NPI numbers.”

Mirza adds: “Cybercriminals can assemble and misuse the combination of PII and NPI data and exploit personal and professional information belonging to doctors, nurses, and administrators. This can cause spam emails, calls, and texts affecting medical professionals. Worse yet, targeted phishing attacks and identity fraud. As such, entities that operate in essential sectors like healthcare must be cautious about cloud security basics.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
