Cyber Security News

86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration

A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered by cybersecurity researcher Jeremiah Fowler.

The database contained over 86,000 records, amounting to 108.8 GB of sensitive information. This data breach, while not attributed to intentional malice, highlights the critical need for robust cybersecurity measures in the healthcare sector.

Background of ESHYFT

ESHYFT operates a mobile app platform that connects healthcare facilities with healthcare workers across 29 U.S. states, as per a report by Website Planet. WSP-ESHYFT-healthtech-data-breach-key-elementsWSP-ESHYFT-healthtech-data-breach-key-elements

The platform allows nurses to choose shifts that fit their schedules, providing facilities with access to vetted W-2 nursing staff.

The app is widely used, with over 50,000 downloads on the Google Play Store alone. As the healthcare industry increasingly relies on digital platforms, the importance of safeguarding user data cannot be overstated.

Nature of the Data Exposure

The exposed database included sensitive documents such as profile images, monthly work schedules, professional certificates, CVs, and resumes containing personally identifiable information (PII).

This collage shows how app user’s individual profile pictures appeared in the database. Some included lanyards showing medical IDs or other credentials

Notably, it also included medical documents uploaded by nurses as proof for missing shifts or sick leave, potentially falling under HIPAA regulations.

These documents could include diagnoses, prescriptions, or treatments, posing a significant risk if accessed improperly.

Fowler immediately notified ESHYFT upon discovering the breach. The company acknowledged the notice, stating they were working on a solution.

However, it remains unclear if the database was managed by ESHYFT directly or a third-party contractor, or how long it was exposed before being detected.

The exposure of PII, salary details, and work histories could lead to identity theft, financial fraud, or highly targeted phishing campaigns.

Scans of identification documents combined with addresses could provide cybercriminals with enough information to commit such crimes.

Additionally, the lack of data segregation and encryption makes it critical for healthtech companies to adopt proactive cybersecurity strategies.

Recommendations for HealthTech Companies

  1. Implement Mandatory Encryption: Sensitive data should always be encrypted to prevent unauthorized access.
  2. Regular Security Audits: Frequently auditing internal infrastructure can help identify potential vulnerabilities before they are exploited.
  3. Limit Sensitive Data Storage: Data should only be stored for as long as necessary and anonymized where possible.
  4. Multi-Factor Authentication (MFA): MFA should be required for applications handling sensitive information to prevent easy access even if user credentials are compromised.
  5. Establish Data Breach Response Plans: Companies should have a comprehensive plan in place to handle breaches and communicate with affected parties promptly.

The exposure of healthcare staff records due to an AWS S3 misconfiguration underscores the urgent need for healthtech companies to prioritize data security.

As healthcare increasingly relies on digital platforms, safeguarding sensitive information is crucial to protecting both healthcare workers and facilities from potential risks.

Proactive measures and enhanced cybersecurity protocols are essential to mitigate such vulnerabilities and ensure the integrity of sensitive data.

In light of these findings, organizations like ESHYFT must take immediate action to secure their databases and implement robust measures to prevent future breaches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

12 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

12 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

13 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

14 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

14 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

15 hours ago