Subj : Millions of UK healthcare
To   : All
From : Mike Powell
Date : Wed Apr 16 2025 09:21 am

Millions of UK healthcare worker records exposed in massive software breach

Date:
Wed, 16 Apr 2025 12:03:00 +0000

Description:
Researchers found unprotected database containing ID cards and other
sensitive data.

FULL STORY

Millions of healthcare workers in the United Kingdom have had their sensitive
data leaked online, after a non-password-protected database was found
unsecured on the internet.

Security researcher Jeremiah Fowler found a database 1.1TB in size containing
almost eight million files (7,975,438), including images and .PDF files, work
authorization documents, national insurance numbers, certificates, electronic
signatures, timesheets, user images, and government-issued identification
documents.

Furthermore, the archive contained 656 directory entries indicating different
companies, the majority of which were healthcare providers, recruiting
agencies, and temporary employment services.

Identity theft and other risks

Fowler determined the database belonged to Logezy, an employee management and
tracking software company based in the UK.

He notified Logezy of his findings, and the company locked the database down
shortly after.

To hunt for unprotected databases, researchers would use a specialized search
engine, such as Shodan, and analyze the results.

So far, Fowler has found dozens of similar instances, including ClickBalance
(more than 750 million records), DM Clinical Research (over a million
clinical records), or ServiceBridge (31 million).

Without a detailed forensic analysis, it is impossible to know if a threat
actor already accessed the database and exfiltrated the information found
there.

It is also impossible to know for how long the archive remained unlocked, and
if Logezy managed it, or a third party on its behalf.

These instances are considered a low-hanging fruit for cybercriminals.
Stealing this information does not require phishing, social engineering,
hunting for zero-day vulnerabilities, or exploiting unpatched endpoints.

Yet, the data inside is valuable since its usually up-to-date and can be used
in all sorts of fraud, including wire fraud, payment scams, identity theft ,
and more.

If you have used Logezy in the past, it would be wise to keep a closer eye on
your accounts and credit reports for potentially suspicious activity.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/millions-of-uk-healthcare-worker-record
s-exposed-in-massive-software-breach

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.