Almost 8 million healthcare workers in the UK had their sensitive records inadvertently exposed by a misconfigured database belonging to Logezy, an employee data management software company, Hackread reports.
Included in the 1.1 TB database that was neither password protected nor encrypted were individuals' work authorization documents, certificates, national insurance numbers, timesheets, electronic signatures, and images, as well as government-issued identification files, according to an investigation by cybersecurity researcher Jeremy Fowler published on vpnMentor. "The database also contained 656 directory entries indicating different companies, most of which were healthcare providers, recruiting agencies, or temporary employment services," said Fowler. Immediate action has been taken by Logezy to secure the database upon the notification of Fowler. However, additional forensic auditing would be needed to determine the duration of the database's exposure and its potential compromise, as well as details regarding its ownership. Organizations have been urged to adopt data storage segmentation to mitigate potential compromise.
Included in the 1.1 TB database that was neither password protected nor encrypted were individuals' work authorization documents, certificates, national insurance numbers, timesheets, electronic signatures, and images, as well as government-issued identification files, according to an investigation by cybersecurity researcher Jeremy Fowler published on vpnMentor. "The database also contained 656 directory entries indicating different companies, most of which were healthcare providers, recruiting agencies, or temporary employment services," said Fowler. Immediate action has been taken by Logezy to secure the database upon the notification of Fowler. However, additional forensic auditing would be needed to determine the duration of the database's exposure and its potential compromise, as well as details regarding its ownership. Organizations have been urged to adopt data storage segmentation to mitigate potential compromise.
