During a routine open-source intelligence (OSINT) method on February 21, the Cybernews research team found a misconfigured Amazon AWS S3 bucket — storing 98,000 files — on Amazon Web Services. The team attributed the data breach to Lantum, a healthcare workforce management platform based in the United Kingdom.
Formerly known as Network Locum, Lantum rebranded in 2017 and provides the flexibility for general practitioners (GP) to decide when and where they want to work their shifts. Working extensively with the U.K.’s National Health Service (NHS), Lantum collaborates with 2,000 healthcare organizations and 20,000 clinicians. Their ultimate goal is to save the NHS £1 billion in staffing costs. The London-based platform has 65,000 visits per month.
In 2022, Lantum announced it received $15 million in funding from Finch Capital, Piton Capitol, Samos, and Cedar-Sinai Hospital.
The exposed files, dating from 2014 to 2016, included sensitive information about healthcare professionals.
- Full names
- Dates of birth
- Current and past employers
- Home addresses
- Phone numbers
- Email addresses
- Passport information
- Medical documents
- Criminal record
As of June 8, the data storage has been closed to the public. A Lantum spokesperson responded to Healthnews and said "We are able to take action to ensure that the data was fully secured and made inaccessible."
They explained that the data is no longer accessible to unauthorized individuals.
We are, however, treating this matter as a potential data breach and will continue to liaise with any individuals who may be affected should more information be revealed by our investigations.- Lantum spokesperson
Moreover, the spokesperson said that the data in question is information stored on an old version of the Lantum platform, Network Locum, which is no longer live. "We would stress that since 2016, we have been operating on a completely different and highly secure platform, which conforms to the latest UK government approved and international security standards and undergoes regular testing."
Since the breach was discovered, Lantum has informed the regulator and brought in a privacy specialist and cyber consultants to look into the matter.
- Hospital Management. Network Locum rebranded to Lantum