Information on U.S. Military Medical Professionals Exposed in Data Breach
The sensitive personnel information of health workers for the U.S. Military’s Special Operations Command (SOCOM) has been exposed in a data breach at Potomac Healthcare, a Pentagon subcontractor.
A total of 11 GB of data was stolen, which included names, social security numbers, addresses, salaries and the security clearance of SOCOM staff. Postings and unit assignments dating back to 1998 were also listed in the breached information. Doctors, nurses and mental health support staff were all named, and some of the exposed records include individuals with top-secret security clearance.
The unprotected data was first discovered by cybersecurity researcher Chris Vickery from MacKeeper. Early analysis indicates the data was exposed when Potomac IT professionals misconfigured the back-up data.
Vickery reported on his blog that, as soon as he discovered the file, he contacted Potomac’s chief executives to get the “publicly exposed” data taken down. After an hour, the exposed information was still on the Internet, so he alerted government agencies, as he believed the data was a risk to national safety. Just 30 minutes later, the data had been deleted.
Since this information included security clearances and staff deployment locations, Vickery believed it would be attractive to “hostile entities.”
Potomac has removed the data, and released this statement:
“We are aware of the report from an independent security researcher alleging an unauthorized exposure of sensitive government information. Upon learning of the allegation, we immediately initiated an internal review and brought in an external forensic IT firm for additional support. While our investigation remains ongoing, based on our initial examination, despite these earlier reports, we have no indication that any sensitive government information was compromised. The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns.”
Booz Allen Hamilton, which is a contractor for whom Potomac is a sub-contractor, has also announced they are investigating the incident.