MNA Healthcare exposes sensitive information of medical professionals

A data breach involving MNA Healthcare, a Florida-based recruitment company specializing in staffing services for healthcare workers, has exposed sensitive information belonging to thousands of medical professionals and associated entities.

The breach was caused by a backup of a database unsecured online, making personal and professional data accessible to unauthorized individuals. The exposed database backup was found unsecured online, along with a configuration file that contained an environment variable (Laravel App Key) used in the encryption process. The SSNs were encrypted using mcrypt, a deprecated encryption library often used by the Laravel web application framework. With the exposed environment file containing the encryption key, it is possible for attackers to decrypt the SSNs, putting affected individuals at risk of identity theft and fraud.

Exposed Data Types:

• Full names
• Addresses
• Phone numbers
• Job titles
• Work experience
• Encrypted Social Security numbers (SSNs)

The breach exposed data of 14,000 doctors, 11,000 hospitals, 37,000 potential leads and 11,000 job applications

MNA Healthcare has not released a public statement addressing the breach or confirming the details found by Cybernews researchers. There is no information on whether the affected individuals have been notified or what steps the company is taking to secure its infrastructure.