It has been reported that a MongoDB database was exposed online that contained health care information for 2 million patients in Mexico. This data included information such as the person’s full name, gender, date of birth, insurance information, disability status, and home address. IT security experts commented below.
David Johansson, Principal Consultant at Synopsys:
“This is not the first time something like this has happened, and unfortunately it won’t be the last time either. A very similar incident affected Mexican voter records a few years ago, where data about 93.4 million voters were exposed from a misconfigured MongoDB server.
The reason this happens is often that someone installs a MongoDB database without configuring it securely, and unfortunately MongoDB had many insecure default settings that are not suitable for a production environment:
- Database server is exposed on all network interfaces by default, which means it’s directly exposed to hackers on the Internet if the server is connected to the Internet and not protected properly.
- MongoDB database does not require authentication to connect by default, which means anyone with network access to the database server can query and retrieve data from it.
These are two of the most important settings that need to be changed and configured securely when installing MongoDB, especially on Internet-facing servers.”
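The two settings named in the comment above can be checked mechanically against a mongod.conf before a server goes live. The following is an added example, not part of the original commentary or of MongoDB's own tooling; it assumes MongoDB's YAML config keys (net.bindIp, net.bindIpAll, security.authorization) and uses two constructed sample configs.

```python
# Added example: flag the two insecure mongod settings described above. Assumes
# MongoDB's YAML config keys (net.bindIp, net.bindIpAll, security.authorization).

def parse_conf(text):
    """Minimal parser for the indentation-nested, scalar-only YAML mongod uses."""
    stack = [(-1, {})]                        # (indent, mapping); entry 0 is the root
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and blank lines
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # climb back to the parent mapping
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip().strip("'\"")
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return stack[0][1]

def audit(conf):
    """Return a list of findings; an empty list means both settings are safe."""
    findings = []
    net = conf.get("net", {})
    bind = net.get("bindIp")
    if str(net.get("bindIpAll", "false")).lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")
    elif bind is None:
        # MongoDB 3.6+ defaults to localhost; older builds listened on all interfaces
        findings.append("net.bindIp unset: relies on the version default, set it explicitly")
    elif any(a.strip() in ("0.0.0.0", "::") for a in bind.split(",")):
        findings.append(f"net.bindIp={bind}: mongod listens on every interface")
    auth = conf.get("security", {}).get("authorization", "disabled")
    if str(auth).lower() != "enabled":
        findings.append("security.authorization not enabled: any client reaching the port can read data")
    return findings

INSECURE = """# constructed: an Internet-facing install left on defaults
net:
  bindIp: 0.0.0.0
"""
HARDENED = """# constructed: the same server after applying both fixes
net:
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
```

`audit(parse_conf(INSECURE))` reports both problems, while the hardened config returns no findings; a binding to an internal interface still needs firewalling, which this check cannot see.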
Ryan Wilk, VP at NuData Security:
“Any time data is left unprotected it represents an issue for the organisation in question as well as the individual, but healthcare data can be particularly damaging to those involved. This kind of PII is among the most sensitive that you can imagine, and provides insight into an individual that cybercriminals could use for further cybercrime such as spear phishing, blackmail or even identity fraud. The database, which was not even password protected, is a telling example of why organisations need to move past the password/username model of authentication, instead focusing on the more secure methods of passive biometrics in combination with two-factor authentication.”
Ilia Kolochenko, CEO at High-Tech Bridge:
“Recurrent research of popular open source software conducted by High-Tech Bridge suggests that many more bugs likely remain undetected. Nonetheless, the remediated vulnerabilities definitely bring OpenERM to a better overall security level and probably even cover some 0days exploited in the wild by cybercriminals.
Now, however, the main risk for the patients and their data will be medical institutions who may unreasonably delay patching or even won’t patch at all. Attackers will certainly start exploiting the vulnerabilities found very soon, as health records can be traded at a very attractive price on the black market.”
Javvad Malik, Security Advocate at AlienVault:
“This incident shows how trivial it is for anyone using Shodan or similar search tools to find services exposed publicly. Coupled with how easy it is for companies to upload entire databases to the cloud, and how frequently such breaches appear to occur – it is important that companies undertake at least some basic assurance checks to validate that privacy and security settings are configured appropriately. Furthermore, monitoring should be put in place to detect any unauthorised access or activity.”