86,000+ Healthcare Staff Records Exposed from Misconfigured AWS S3 Bucket

The misconfigured cloud storage contained highly sensitive personally identifiable information (PII), including profile images, work schedules, professional certificates, and medical documents potentially protected under HIPAA regulations, creating substantial risk for affected healthcare professionals across 29 states.

During his investigation, Fowler discovered multiple file types containing sensitive information, including facial images of users, CSV files with monthly work schedule logs, professional certificates, work assignment agreements, and CVs containing additional PII. Perhaps most concerning was the presence of medical documents apparently uploaded as proof for missed shifts or sick leave, which contained information about diagnoses, prescriptions, and treatments that could potentially fall under HIPAA protection.

It remains unclear whether the misconfigured AWS S3 bucket was directly managed by ESHYFT or through a third-party contractor, and no information is available regarding how long the data was exposed before discovery or whether unauthorized parties may have accessed it during the exposure period.

The exposure of healthcare worker data represents a significant risk not only to individual privacy but potentially to critical healthcare infrastructure, as cybercriminals have routinely targeted hospitals and medical facilities in recent years.

To prevent similar AWS S3 bucket misconfigurations, health tech companies should implement strict access controls using the principle of least privilege, enable default encryption for all stored data, and utilize AWS security features such as Amazon Macie for sensitive data detection. Multi-factor authentication (MFA) should be implemented for any application where users access sensitive information, and organizations should establish clear data breach response plans with dedicated communication channels for reporting security incidents.

The exposure of 86,000+ healthcare staff records serves as a reminder that even as technology helps address critical healthcare staffing shortages, it simultaneously introduces new security challenges that require vigilant attention and proactive protection measures.
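The S3 recommendations above (least-privilege access and default encryption) can be checked against a bucket's configuration. The following is an added example, not code from the article or from AWS: it audits an offline snapshot of a bucket's settings, and the snapshot layout, finding codes, bucket name, account ID and role name are assumptions constructed for illustration.

```python
# Added example: offline audit of S3 bucket configuration snapshots.
# The snapshot dict layout and finding codes are assumptions of this sketch;
# the inner keys follow the shapes of the S3 API responses.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _is_public(stmt):
    """Allow for any principal with no Condition (deliberately simple test)."""
    who = stmt.get("Principal")
    anyone = who == "*" or (isinstance(who, dict) and who.get("AWS") in ("*", ["*"]))
    return stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition")

def audit_bucket(cfg):
    """Return sorted finding codes for one bucket snapshot."""
    pab = cfg.get("PublicAccessBlock", {})
    findings = [f"pab-disabled:{f}" for f in PAB_FLAGS if not pab.get(f)]
    stmts = cfg.get("Policy", {}).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    # A public policy only grants anonymous access while RestrictPublicBuckets is off.
    if not pab.get("RestrictPublicBuckets") and any(_is_public(s) for s in stmts):
        findings.append("public-policy")
    # A public ACL grant is only honoured while IgnorePublicAcls is off.
    grants = cfg.get("Acl", {}).get("Grants", [])
    if not pab.get("IgnorePublicAcls") and any(
            g.get("Grantee", {}).get("URI") == ALL_USERS for g in grants):
        findings.append("public-acl")
    rules = cfg.get("Encryption", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in rules):
        findings.append("no-default-encryption")
    return sorted(findings)

# Constructed sample snapshots (bucket name, account ID and role are placeholders).
ARN = "arn:aws:s3:::example-staff-uploads/*"
EXPOSED = {
    "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, False),
    "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                              "Action": "s3:GetObject", "Resource": ARN}]},
}
HARDENED = {
    "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
    "Policy": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": ARN,
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-upload-service"}}]},
    "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                              {"SSEAlgorithm": "aws:kms"}}]},
}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_bucket(cfg))
```

In practice the snapshot would be filled from the bucket's public access block, policy, ACL and encryption settings; the wildcard-principal test ignores policy conditions and is a simplification.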

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 16:10:13 +0000

