US Military Healthcare Pros Exposed in Privacy Snafu
Healthcare professionals working in the US military, and those with top secret clearance, may have been put in potential danger after an IT error by their employer exposed highly sensitive personal details, a security researcher has revealed.
Mackeeper’s Chris Vickery discovered at least 11GB of publicly exposed files, including the names, locations, Social Security Numbers, salaries, and assigned units for scores of healthcare professionals working at the US military’s Special Operations Command (SOCOM).
The information was completely unprotected by a username or password, he claimed.
“Potomac Healthcare Solutions provides healthcare workers to the US Government through Booz Allen Hamilton (you know, Snowden’s old employer),” explained Vickery in a blog post.
“It is not presently known why an unprotected remote synchronization (rsync) service was active at an IP address tied to Potomac. I do know that when I called one of the company’s CEOs this past Thursday to report the exposure, he did not seem to take me seriously.”
The data eventually went offline but apparently not before Vickery was forced to call the company a second time to force the issue.
As well as healthcare workers, names and locations of Special Forces data analysts with top secret clearance were also exposed in the privacy snafu, he claimed.
“It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information,” said Vickery. “Let’s hope that I was the only outsider to come across this gem. Let’s really hope that no hostile entities found it. Loose backups sink ships.”
For its part, Potomac Healthcare Solutions played down the severity of the incident, in a statement sent to Infosecurity:
"We are aware of the report from an independent security researcher alleging an unauthorized exposure of sensitive government information. Upon learning of the allegation, we immediately initiated an internal review and brought in an external forensic IT firm for additional support. While our investigation remains ongoing, based on our initial examination, despite these earlier reports, we have no indication that any sensitive government information was compromised. The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns."
Booz Allen Hamilton was famously the employer of NSA whistleblower Edward Snowden when he leaked documents to the press in 2013, revealing the extent of US government spying.
Another employee, Harold Martin, is suspected of stealing an even bigger trove of documents – potentially more than 50TB over a two decade period.
Source: Information Security Magazine