A big MongoDB compromise, Hova Health database breached

mongodb data breach in mexico

There has been a new data breach that may affect massive 2.3 million people from Mexico. A cybersecurity researcher Bob Diachenko was the person who happened upon the data breach. He said that healthcare details of these Mexican citizens were compromised due to a MongoDB vulnerability. The healthcare information was listed in the IoT search engine Shodan. The data was available for free to anyone. What’s alarming is that the data was available and accessible without a password!

Diachenko discovered that the data belonged to a telemedicine company Hova Health Company. The data contained hashed and salted passwords for admin accounts and emails. Diachenko notified the company of the breach and the problem was resolved by Hova Health soon. A total of 2,373,764 patients could be affected by the data breach. All of this patient information was related to the Mexican state on Michoacán.

This data breach comes at heels of the recent data breach at the UnityPoint Health and the massive Singapore health data breach. Cybercriminals are increasingly targeting the healthcare data given the sheer amount of sensitive patient information these healthcare conglomerates control. These attacks call for a serious review of the security infrastructure pertaining to the healthcare sector.