The security research team at VPNOverview has uncovered a data breach that could have compromised nearly 100,000 doctors, nurses, and other healthcare professionals working at major hospitals across the United States.
PlatformQ — self-described as a “leading provider of digital engagement solutions” for healthcare (PlatformQ Health) and education (PlatformQ Education) — inadvertently published a database backup stored in a misconfigured AWS S3 bucket. Based on the findings, VPNOverview security team believes the leak was marketing data for the generic drug Zarex.
What information was compromised?
Examples of exposed sensitive information are:
- Full names
- Personal email addresses
- Job titles
- Work addresses
- Home, work and private phone numbers
- National provider identifier (NPI) numbers
It’s important to note that NPIs — 10-digit codes used to identify medical professionals and providers — are often used on Medicare or Medicaid forms.