Cyber Security News

86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration

A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered by cybersecurity researcher Jeremiah Fowler.

The database contained over 86,000 records, amounting to 108.8 GB of sensitive information. This data breach, while not attributed to intentional malice, highlights the critical need for robust cybersecurity measures in the healthcare sector.

Background of ESHYFT

ESHYFT operates a mobile app platform that connects healthcare facilities with healthcare workers across 29 U.S. states, as per a report by Website Planet. WSP-ESHYFT-healthtech-data-breach-key-elementsWSP-ESHYFT-healthtech-data-breach-key-elements

The platform allows nurses to choose shifts that fit their schedules, providing facilities with access to vetted W-2 nursing staff.

The app is widely used, with over 50,000 downloads on the Google Play Store alone. As the healthcare industry increasingly relies on digital platforms, the importance of safeguarding user data cannot be overstated.

Nature of the Data Exposure

The exposed database included sensitive documents such as profile images, monthly work schedules, professional certificates, CVs, and resumes containing personally identifiable information (PII).

This collage shows how app user’s individual profile pictures appeared in the database. Some included lanyards showing medical IDs or other credentials

Notably, it also included medical documents uploaded by nurses as proof for missing shifts or sick leave, potentially falling under HIPAA regulations.

These documents could include diagnoses, prescriptions, or treatments, posing a significant risk if accessed improperly.

Fowler immediately notified ESHYFT upon discovering the breach. The company acknowledged the notice, stating they were working on a solution.

However, it remains unclear if the database was managed by ESHYFT directly or a third-party contractor, or how long it was exposed before being detected.

The exposure of PII, salary details, and work histories could lead to identity theft, financial fraud, or highly targeted phishing campaigns.

Scans of identification documents combined with addresses could provide cybercriminals with enough information to commit such crimes.

Additionally, the lack of data segregation and encryption makes it critical for healthtech companies to adopt proactive cybersecurity strategies.

Recommendations for HealthTech Companies

  1. Implement Mandatory Encryption: Sensitive data should always be encrypted to prevent unauthorized access.
  2. Regular Security Audits: Frequently auditing internal infrastructure can help identify potential vulnerabilities before they are exploited.
  3. Limit Sensitive Data Storage: Data should only be stored for as long as necessary and anonymized where possible.
  4. Multi-Factor Authentication (MFA): MFA should be required for applications handling sensitive information to prevent easy access even if user credentials are compromised.
  5. Establish Data Breach Response Plans: Companies should have a comprehensive plan in place to handle breaches and communicate with affected parties promptly.

The exposure of healthcare staff records due to an AWS S3 misconfiguration underscores the urgent need for healthtech companies to prioritize data security.

As healthcare increasingly relies on digital platforms, safeguarding sensitive information is crucial to protecting both healthcare workers and facilities from potential risks.

Proactive measures and enhanced cybersecurity protocols are essential to mitigate such vulnerabilities and ensure the integrity of sensitive data.

In light of these findings, organizations like ESHYFT must take immediate action to secure their databases and implement robust measures to prevent future breaches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

2 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

2 days ago