Staffing company Gale Healthcare Solutions, which serves long-term care providers and other facility types, is denying claims that a database breach compromised more than 170,000 records containing personal and confidential information.
In a recent blog report, security researcher Jeremiah Fowler, together with the Website Planet research team, wrote that a breach of healthcare worker profiles exposed names; phone, email and home addresses; links to images of the employees; credentials; and Social Security numbers.
“We’re aware of the report and have found a number of issues with it,” Sandra Germann, Gale’s director of communications and public relations, told the McKnight’s Business Daily.
“The database was a temporary environment created for an internal system test. When the researcher notified us of a potential vulnerability in September, the environment had already been deactivated and secured,” she said, adding that “there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.”
Germann also denied that the files contained Social Security numbers. Rather, she said, the file names featured auto-generated, sequential 10-digit identifying numbers. Birthdates also were not disclosed, she said, adding that to the best of her knowledge, there were no active links to credentials or other documents.
“Data security and privacy is a core commitment for our company. We take that commitment very seriously and continue to take strides to protect all clinician data that we hold,” Germann said.