Misconfiguration exposes MNA Healthcare data

Cybernews reports that U.S. healthcare recruitment firm MNA Healthcare had information from 14,000 doctors' accounts, 11,000 hospitals, 37,000 possible leads, and 11,000 job applications exposed as a result of an unsecured database backup.

Such database misconfiguration has leaked healthcare professionals' full names, birthdates, phone numbers, addresses, email addresses, work experiences, assigned jobs, communications with MNA Healthcare, hashed temporary passwords, and encrypted Social Security numbers, according to Cybernews researchers. Despite SSN encryption of SSNs with 'mcrypt,' the leak of the Laravel App Key potentially used for such a security process increases the risk of decryption and targeting in phishing and fraud attacks. "The data leak causes further concerns regarding the company's infrastructure security as the database backup for their platform was improperly stored, as well as a configuration file containing the key likely used to decrypt SSNs. It suggests other similar security issues may be present in the company's infrastructure," said researcher Aras Nazarovas.

