1. Forum
  2. FidoNet
  3. CONSPRCY

  • Millions of UK healthcare

    From Mike Powell@1:2320/105 to All on Wed Apr 16 09:21:00 2025
    Millions of UK healthcare worker records exposed in massive software breach

    Date:
    Wed, 16 Apr 2025 12:03:00 +0000

    Description:
    Researchers found unprotected database containing ID cards and other
    sensitive data.

    FULL STORY

    Millions of healthcare workers in the United Kingdom have had their sensitive data leaked online, after a non-password-protected database was found
    unsecured on the internet.

    Security researcher Jeremiah Fowler found a database 1.1TB in size containing almost eight million files (7,975,438), including images and .PDF files, work authorization documents, national insurance numbers, certificates, electronic signatures, timesheets, user images, and government-issued identification documents.

    Furthermore, the archive contained 656 directory entries indicating different companies, the majority of which were healthcare providers, recruiting agencies, and temporary employment services.

    Identity theft and other risks

    Fowler determined the database belonged to Logezy, an employee management and tracking software company based in the UK.

    He notified Logezy of his findings, and the company locked the database down shortly after.

    To hunt for unprotected databases, researchers would use a specialized search engine, such as Shodan, and analyze the results.

    So far, Fowler has found dozens of similar instances, including ClickBalance (more than 750 million records), DM Clinical Research (over a million
    clinical records), or ServiceBridge (31 million).

    Without a detailed forensic analysis, it is impossible to know if a threat actor already accessed the database and exfiltrated the information found there.

    It is also impossible to know for how long the archive remained unlocked, and if Logezy managed it, or a third party on its behalf.

    These instances are considered a low-hanging fruit for cybercriminals.
    Stealing this information does not require phishing, social engineering, hunting for zero-day vulnerabilities, or exploiting unpatched endpoints.

    Yet, the data inside is valuable since its usually up-to-date and can be used in all sorts of fraud, including wire fraud, payment scams, identity theft , and more.

    If you have used Logezy in the past, it would be wise to keep a closer eye on your accounts and credit reports for potentially suspicious activity.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/millions-of-uk-healthcare-worker-record s-exposed-in-massive-software-breach

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)