Sensitive information from the U.S. military’s Special Operations Command (SOCOM) medical employees was exposed in a recent data breach. Over 11 GB of data was released and included information such as Social Security numbers and addresses from SOCOM staff members.
Potomac Healthcare is the company responsible for employing the medical workers whose information was stolen. Between 75% and 80% of data breaches originate inside of an organization, which appears to be what happened in this instance.
Sources report that the data was released when a Potomac IT employee misconfigured a data backup.
Researcher Chris Vickery from security company MacKeeper found the unprotected information on the Internet. The data he found included sensitive details about doctors, nurses, and mental health support staff. Some of the leaked data went back as far as 1998.
Vickery reported that after finding the data, he attempted to contact Potomac’s executives. At first, they were skeptical of Vickery’s information, but after notifying several other government agencies, the data was taken down within 30 minutes.
Vickery said that he believes he was the only one who found the information and that it didn’t contain any patient details, only details regarding the medical professionals employed.
Potomac said that although Vickery found the information, there have been no reports that indicate other parties had any access to it. Their investigation is ongoing.
In addition, the information included all of Potomac’s on-site locations in the U.S. and in other countries such as Japan and Ireland. Vickery explained that a good number of the employees whose information was leaked are at the highest level of federal security clearance.
“The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns,” Potomac explained in a statement.
Both Vickery and Potomac have expressed much concern over any other parties getting access to such sensitive federal information. Vickery said that the nature of the information would make it enticing for any “hostile entities.”