A MongoDB database was exposed online that contained health care information for 2 million patients in Mexico. This data included information such as the person's full name, gender, date of birth, insurance information, disability status, and home address.
The database was discovered by security researcher Bob Diachenko via Shodan, which is a search engine for all Internet connected devices and not just web servers. When discovered, this database was fully exposed to the Internet and could be accessed and edited by anyone without a password.
After analyzing the database Diachenko was able to find fields that contained the administrator's email addresses. These emails had the domains of hovahealth.com and efimed.care as shown below.
Hovahealth.com belonged to Hova Health, a technology company based out of Mexico that services the health care sector. It is not as clear who the efimed.care domain belongs to, but may be a government health service.
Diachenko told BleepingComputer that he contacted Hova Health on the same day that he discovered the database. Hova Health responded with "All the areas that work on this project are reviewing exactly what happened and checking all our infrastructure to avoid this kind of events.." The database was then secured over the next three hours.
While the database entries indicated what individuals were managing the database, Diachenko told BleepingComputer that they never directly claimed ownership of it. So at this point, it is still unknown who the data actually belongs to.
While researching this article, I tried contacting Hova Health and another site that was hosting information about Enfimed, but was unable to connect to either of the sites from a U.S. or Mexico IP address.
Exposed MongoDB databases are nothing new and Diachenko and with ransomware and other malware developers actively targeting the health scare sector, it is important that administrators follow best practices when securing their databases.
"Issues with MongoDB have been known since at least March of 2013 and have been widely reported since," Diachenko stated in his post about this exposed database. "The company has updated its software with secure defaults and has released security guidelines. It's been five years now and these unsecured databases are still widely available on the Internet, almost 54,000 of them now, according to Shodan."