Home Latest Cyber Security News | Network Security Hacking MongoDB Vulnerability Leaked Health Care Data Of 2 Million Mexicans Online

MongoDB Vulnerability Leaked Health Care Data Of 2 Million Mexicans Online

by Abeerah Hashim
Illumina Universal Copy Service vulnerabilities

While the investigations continue for the massive Singapore’s Heath data breach, an independent researcher found something even more alarming. The SingHealth data breach exposed 1.5 million records, however this latest breach exposed 2 million medical records online. This time, those affected include Mexican citizens whose medical information was leaked online due to MongoDB vulnerability.

MongoDB Vulnerability Exposed 2 Million Medical Records

Recently, a researcher, Bob Diachenko, stumbled upon data of more than 2 million Mexican citizens. He found it to be the healthcare details of these citizens, exposed online due to MongoDB vulnerability.

Diachenko discovered via the data via Shodan. He then stated his discovery in his article on LinkedIn. He reported that the data he found is publicly accessible.

“A MongoDB instance was indexed by IoT search engine Shodan and was viewable/accessible/editable without login/password for anybody in the world with the Internet.”

The exposed data includes explicit details of 2,373,764 patients from Mexico. These details include patients’ full names, dates of birth, gender, contact addresses, insurance policy number with its expiration date, disability status, and the unique CURP number of these citizens.

Hova Health Company Identified As Sources Of Data Breach

The researcher, upon finding the data, began analyzing further, after which he identified the source of the breach as Hova Health company.

Hova Health is a telemedicine company outside Mexico that offering telemedicine and software development for the healthcare industry. Diachenko identified Hova Health through the admin email accounts with hovahealth.com domain.

“Database also contained hashed/salted passwords for admin accounts and emails, so I could quickly notify the responsible persons and have a dataset secured quickly.”

However, he also found an entry showing the administrator account with the domain efirmed.care. So, the actual ownership of the data is yet not confirmed. Nonetheless, upon receiving notification from Diachenko, Hova Health quickly fixed the problem.

Still, Diachenko expressed his concern regarding health care data security.

“It is unclear how long the data was publicly exposed or who else except myself had access. This is yet another warning to any company or service provider that handles and stores personal medical data.”

Health data breaches happen frequently these days. A while ago, we heard of massive Singapore’s health data breach that exposed 1.5 million records, including the details of their Prime Minister. Then, the data breach at UnityHealth Point joined the trail, affecting 1.4 million patients. We also frequently report several other medical and PHI data breaches affecting relatively smaller groups of patients. Yet, regardless of the number of victims, such incidents certainly emphasize the need for review and improvement of the data security measures in the healthcare sector.

Are you concerned about your healthcare data? Also considering the sensitivity of the data you’d think there would be stringent security in place so why do you think healthcare data breaches are so frequent? Let us know your thoughts in the comments section.

You may also like