Gale Healthcare, a healthcare staffing talent platform, responded to media reports of a cybersecurity leak that left workers’ records exposed. The company said the breach occurred in a temporary test environment that had already been deactivated when it was notified of the leak by a researcher. Gale Healthcare also reported that Social Security numbers were not included in the files, contrary to other reports. No further evidence was found of unauthorized access beyond the researcher’s announcement. There is no information that any personal data has been or will be misused.
The leak was reported on Website Planet.
Here is Gale Healthcare’s full statement:
The database was a temporary environment created for an internal system test. When the researcher notified us of a potential vulnerability in September, the environment had already been deactivated and secured.
There is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.
Contrary to the report findings, Social Security Numbers were not used in the file names, nor disclosed. Rather, file names featured auto-generated sequential ten-digit Unix timestamps that were used in the testing environment. Dates of birth were also not disclosed, and to our knowledge, the accounts did not contain active links to images of tax documents or other credentials.
Data security and privacy is a core commitment for our company. We take that commitment very seriously and continue to take strides to protect all clinician data that we hold.