Posted on mongodb google news. Visit mongodb google news

Cybersecurity researchers have discovered a massive database online, exposing 2.7 million patients and 8.8 million records, all of which were found to be fully accessible to the public without any password protection or other security. 

According to a report from Cybernews, the database is an exposed MongoDB containing appointment records and other details on dental patients. As of writing, the owner of the database remains unconfirmed. However, clues point to it originating from Gargle, a marketing group that works with systems specializing in oral health, in an effort to bring in more clients and expand their patient base. 

Gargle’s work often relies on managing patient care databases and other infrastructure, Cybernews said. In this case, it seems that may also mean patient records, assuming this lot was exposed by the marketing company. 

Information online includes names, birth dates, addresses, contact information, and patient demographic information, such as gender. It also includes appointment records, including some procedure information and chart IDs from various institutions. 

Cybernews said the data could be easily discovered with any scanning tool and any actor with basic cybersecurity knowledge could gain access to the full trove. 

Gargle is based in Utah. The full-service marketing group often builds websites for dental practices that allow patients to log in and schedule appointments, get updates from their attending clinicians and more. As for how the database ended up publicly available online, Cybernews said it’s most likely an oversight. 

“MongoDB databases power thousands of modern web applications, from e-commerce platforms to healthcare portals,” the researchers wrote. “In this case, the leak likely stemmed from a common and often overlooked vulnerability where databases are left exposed without proper authentication due to human error.”

Cybernews called this type of breach a “recurring blind spot that continues to haunt companies of all sizes and across various industries.”

Article originally posted on mongodb google news. Visit mongodb google news