As a result of a serious data leak at the American recruiting company MNA Healthcare, the personal data of more than 14,000 healthcare workers were exposed. This has created serious security risks, including the risk of fraud and identity theft.
The data breach occurred due to a misconfiguration of MNA Healthcare’s system that allowed access to a backup copy of the database. The database contained the full names, addresses, telephone numbers, email addresses, dates of birth and employment records of health care providers, as well as encrypted Social Security Numbers (SSNs) and temporary passwords. Although the data was encrypted, researchers found encryption keys that allowed attackers to decrypt SSNs and use the data for money fraud and identity theft. The database contained not only the personal information of medical workers, but also their work books and records of communication with representatives of MNA Healthcare. This information can be used in phishing attacks and to create fake profiles.
This incident highlights the importance of properly configuring security systems in companies that work with sensitive information. Despite encrypted SSNs, the leakage of the encryption key poses serious threats to affected healthcare professionals, opening the way for fraudsters to access personal data.