Author Topic: Health Care Data of 2 Million People in Mexico Exposed Online  (Read 150 times)

Online javajolt

Health Care Data of 2 Million People in Mexico Exposed Online
« on: August 07, 2018, 12:19:25 PM »


A MongoDB database was exposed online that contained healthcare information for 2 million patients in Mexico. This data included information such as the person's full name, gender, date of birth, insurance information, disability status, and home address.

The database was discovered by security researcher Bob Diachenko via Shodan, which is a search engine for all Internet-connected devices and not just web servers. When discovered, this database was fully exposed to the Internet and could be accessed and edited by anyone without a password.


Exposed Health Records

After analyzing the database Diachenko was able to find fields that contained the administrator's email addresses. These emails had the domains of hovahealth.com and efimed.care as shown below.


Administrative accounts

Hovahealth.com belonged to Hova Health, a technology company based out of Mexico that services the healthcare sector. It is not as clear who the efimed.care domain belongs to, but it may be a government health service.

Diachenko told BleepingComputer that he contacted Hova Health on the same day that he discovered the database. Hova Health responded with "All the areas that work on this project are reviewing exactly what happened and checking all our infrastructure to avoid this kind of events." The database was then secured over the next three hours.

While the database entries indicated what individuals were managing the database, Diachenko told BleepingComputer that they never directly claimed ownership of it. So at this point, it is still unknown who the data actually belongs to.

While researching this article, I tried contacting Hova Health and another site that was hosting information about Enfimed but was unable to connect to either of the sites from a U.S. or Mexico IP address.

Exposed MongoDB databases are nothing new, and with ransomware and other malware developers actively targeting the healthcare sector, it is important that administrators follow best practices when securing their databases.

"Issues with MongoDB have been known since at least March of 2013 and have been widely reported since," Diachenko stated in his post about this exposed database. "The company has updated its software with secure defaults and has released security guidelines. It's been five years now and these unsecured databases are still widely available on the Internet, almost 54,000 of them now, according to Shodan."

source