Connect with us

Hi, what are you looking for?


Data Protection

Government Subcontractor Leaks Military Healthcare Worker Data

A security researcher claims to have discovered a large volume of data inadvertently leaked online by a subcontractor that provides healthcare services and professionals to the United States government.

A security researcher claims to have discovered a large volume of data inadvertently leaked online by a subcontractor that provides healthcare services and professionals to the United States government.

Potomac Healthcare Solutions provides services to the U.S. Army, the Navy, the Marine Corps, the Air Force, the Army Corps of Engineers, Immigration and Customs Enforcement (ICE) and several other organizations in the public sector. In 2013, after teaming up with Booz Allen Hamilton, Potomac obtained a contract with the U.S. Military’s Special Operations Command (SOCOM).

MacKeeper researcher Chris Vickery discovered that an unprotected remote synchronization (rsync) service linked to a Potomac IP address had been exposing more than 11 Gb of files.

An analysis of the files revealed that they stored various types of information, including the names, email addresses, phone numbers, dates of birth, contract information, work locations, and social security numbers (SSNs) of healthcare professionals working at Potomac facilities and U.S. military installations.

Vickery said the exposed data also included a file containing usernames and passwords for various services, and the names and locations of at least two Special Forces data analysts with top secret clearance.

The expert notified Potomac executives of his findings via phone and email, but he said they did not appear to take him seriously. The leaky file repository was taken offline after the researcher called one of his U.S. government contacts.

“It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information,” Vickery said in a blog post. “Let’s hope that I was the only outsider to come across this gem. Let’s really hope that no hostile entities found it. Loose backups sink ships.”

Advertisement. Scroll to continue reading.

Contacted by SecurityWeek, Potomac Healthcare Solutions provided the following statement:

“We are aware of the report from an independent security researcher alleging an unauthorized exposure of sensitive government information. Upon learning of the allegation, we immediately initiated an internal review and brought in an external forensic IT firm for additional support. 

While our investigation remains ongoing, based on our initial examination, despite these earlier reports, we have no indication that any sensitive government information was compromised. The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns.”

Booz Allen Hamilton stated the following: “We take any allegation of a data breach very seriously, including those from our subcontractors. We are looking into this alleged event.”

UPDATE 01.05.2017 – Potomac Healthcare Solutions has provided the following statement after completing its investigation into this incident:

As a follow-up to the initial communication on this issue, Potomac Healthcare Solutions, with support from an external forensic IT firm, has completed its investigation of a security incident involving the unauthorized access of one of our internal servers.

Despite earlier media reports, our review, which was immediately initiated after the initial questions were raised, has confirmed that the impacted server did not contain any classified government information or protected medical or personal data related to active duty military personnel or their families. However, the affected server did contain files with data of a limited number of current and former Potomac employees’ personal information.

While we have no evidence to suggest that any employee information has been used inappropriately, Potomac is in the process of proactively reaching out to impacted employees to provide guidance on how they can protect themselves and is offering complimentary credit monitoring and identity theft protection services to affected individuals. The privacy and security of personal information is a top priority, and we are committed to taking steps to prevent this type of incident from occurring again in the future.

Related Reading: Topps Customer Data Exposed After Website Hack

Related Reading: Required Insider Threat Program for Federal Contractors: Will It Help?

Related Reading: NSA Contractor Arrested for Theft of Classified Material

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.