Thousands of healthcare records exposed online, including private patient information

News
By published

ESHYFT reportedly kept a large database without a password

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)
  • Security researcher finds finds huge non-password-protected database online
  • It contained personally identifiable information, as well as medical data
  • The database was since locked down

ESHYFT, a technology platform designed for nurses across the United States, reportedly kept an unprotected database online, exposing thousands of sensitive records to anyone who knew where to look.

Security researcher Jeremiah Fowler found the database, which contained 86,341 records, and that it exceeded 100 GB in size. The archive contained all sorts of sensitive data, from names and IDs, to medical reports, and more.

ESHYFT is a technology platform that connects nurses (CNAs, LPNs, and RNs) with per diem shifts at long-term care facilities across the US, offering flexible work opportunities for healthcare professionals and a reliable staffing solution for facilities.

Addressing the problem

It is not known for how long the database remained unprotected, or if any threat actors accessed it before Fowler did. We also don’t know if ESHYFT maintains the database itself, or if it outsourced it to a third party.

“In a limited sampling of the exposed documents, I saw records that included profile or facial images of users, .csv files with monthly work schedule logs, professional certificates, work assignment agreements, CVs and resumes that contained additional PII,” Fowler explained, noting he reported it to both Website Planet, and later - ESHYFT.

“One single spreadsheet document contained 800,000+ entries that detailed the nurse’s internal IDs, facility name, time and date of shifts, hours worked, and more.”

“I also saw what appeared to be medical documents uploaded to the app. These files were potentially uploaded as proof for why individual nurses missed shifts or took sick leave. These medical documents included medical reports containing information of diagnosis, prescriptions, or treatments that could potentially fall under the ambit of HIPAA regulations.”

After Fowler reported his findings to ESHYFT, the firm locked the database down a month later, telling him it was, "actively looking into this and working on a solution”.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Data leak
Top healthcare company exposes data on millions of patients - find out if you're affected
healthcare
Over a million clinical records exposed in data breach
Data leak
Popular online bill paying site leaks data of thousands of users
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in new thrilling F1 trailer
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach
More about security
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
China

Juniper patches security flaws which could have let hackers take over your router
The small Anker charging station is balanced on its front edge. The word Anker is printed on the front of the charger, which is also the back of the watch charging module.

This little fold-up MagSafe charging station is my new top pick for every trip
See more latest
Most Popular
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in new thrilling F1 trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Hasselblad X2D 100C camera in user's hand, their blue jacket in background
My dream Hasselblad camera is getting a sequel soon, according to new leaks – here are 5 upgrades I’m hoping for
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies' security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know
Sony UBP-X700/K shown from the front
Sony launches new version of the best cheap 4K Blu-ray player that drops the streaming tech – but the price looks odd
Ethernet cables with IP addresses in the background
You can now use an IPv4 address as business collateral - and it could be worth millions
Close-up of woman using AirPods Pro 2
AirPods could catch up with Samsung buds with a live translation free upgrade in iOS 19