A third-party contractor handling workforce management services for Stanford Health Care has exposed sensitive employee records, payroll data, and hashed passwords after leaving an unprotected database accessible online.
Unsecured Database Discovered by Researchers in Late August
Cybernews researchers discovered the exposed MongoDB database in late August, identifying it as belonging to Perfectshift, a healthcare workforce management provider that works with major medical institutions, including Stanford Health Care (SHC) and Hillsboro Medical Center (HMC).
SHC, affiliated with the Stanford University School of Medicine, is one of the most prestigious hospital systems in the United States. HMC, based in Oregon, provides critical medical care to thousands of patients. Both organizations had their employee data stored in the exposed database.
The researchers reported that the MongoDB instance lacked authentication or encryption, leaving it open to anyone with internet access.
“While it appeared that the data was imported to the database from encrypted sources, the data in the database was not encrypted or access-controlled,” the research team explained.
The issue was responsibly disclosed to Perfectshift in August, and the company secured the exposed system by late October. Cybernews has contacted Perfectshift for an official statement but has not yet received a response.
Over 50,000 Records Exposed, Including Payroll and Login Information
The unprotected database reportedly contained more than 50,000 records linked to staff at both SHC and HMC. The dataset included sensitive workforce-related information typically handled by a staffing or scheduling provider, such as:
- Full names
- Payroll information
- Work email addresses
- Hashed passwords
- Browser agents
- IP addresses
- Session cookies
- Authorization tokens
While the passwords were hashed, the combination of personal and technical identifiers increases the likelihood of targeted phishing, credential stuffing, or social engineering attacks.
Medical Sector Remains High-Value Target for Cybercriminals
Healthcare organizations remain among the most attractive targets for cybercriminals due to their abundance of sensitive personal and financial data. Even indirect exposure, such as this third-party incident, can provide attackers with valuable information to craft convincing scams or gain unauthorized access to hospital systems.
The leak underscores an ongoing trend of third-party cybersecurity failures affecting healthcare institutions, in which a vendor’s oversight can compromise the privacy and security of an entire hospital network.
Security experts emphasize the importance of strict vendor risk management, database authentication, and encryption standards, especially when handling data from highly regulated sectors such as healthcare.