UK Healthcare Platform, Lantum, Leaked 98k Files

During a routine open-source intelligence (OSINT) method on February 21, the Cybernews research team found a misconfigured Amazon AWS S3 bucket — storing 98,000 files — on Amazon Web Services. The team attributed the data breach to Lantum, a healthcare workforce management platform based in the United Kingdom.

Formerly known as Network Locum, Lantum rebranded in 2017 and provides the flexibility for general practitioners (GP) to decide when and where they want to work their shifts. Working extensively with the U.K.’s National Health Service (NHS), Lantum collaborates with 2,000 healthcare organizations and 20,000 clinicians. Their ultimate goal is to save the NHS £1 billion in staffing costs. The London-based platform has 65,000 visits per month.

In 2022, Lantum announced it received $15 million in funding from Finch Capital, Piton Capitol, Samos, and Cedar-Sinai Hospital.

The exposed files, dating from 2014 to 2016, included sensitive information about healthcare professionals.

They include:

  • Full names
  • Dates of birth
  • Current and past employers
  • Home addresses
  • Phone numbers
  • Email addresses
  • Passport information
  • Medical documents
  • Certifications
  • Criminal record
  • Invoices/Payroll

As of June 8, the data storage has been closed to the public. A Lantum spokesperson responded to Healthnews and said "We are able to take action to ensure that the data was fully secured and made inaccessible."

They explained that the data is no longer accessible to unauthorized individuals.

We are, however, treating this matter as a potential data breach and will continue to liaise with any individuals who may be affected should more information be revealed by our investigations.

- Lantum spokesperson

Moreover, the spokesperson said that the data in question is information stored on an old version of the Lantum platform, Network Locum, which is no longer live. "We would stress that since 2016, we have been operating on a completely different and highly secure platform, which conforms to the latest UK government approved and international security standards and undergoes regular testing."

Since the breach was discovered, Lantum has informed the regulator and brought in a privacy specialist and cyber consultants to look into the matter.

1 resource


Leave a reply

Your email will not be published. All fields are required.