Personal details were included, with national insurance numbers and user images found.
Millions of healthcare related documents were discovered in a breach after a publicly exposed database was discovered.
According to a blog by researcher Jeremiah Fowler, the publicly exposed database was not password-protected or encrypted, and contained 7,975,438 files with a total size of 1.1 TB.
The records included images and.PDF files containing work authorisation documents, national insurance numbers, certificates, electronic signatures, timesheets, user images, and government-issued identification documents. There was also 656 directory entries indicating different companies, most of which were healthcare providers, recruiting agencies, or temporary employment services.
Fowler determined that the database and its internal files belonged to Logezy — an employee management and tracking software company. The database was restricted from public access and was no longer accessible after his disclosure.
“Although the records belonged to Logezy, it is not known if the database was owned and managed directly by them or by a third-party contractor,” he said. “It is also not known how long the database was exposed before I discovered it or if anyone else may have gained access to it. Only an internal forensic audit could identify additional access or potentially suspicious activity.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
