Over 10 million records were on the unsecured database.
Almost 2.7 million U.S. patients' profiles and 8.8 million appointment records have been inadvertently exposed by an unsecured MongoDB database.
Believed to have been owned by U.S. dental marketing firm Gargle, Cybernews reports that the database included individuals' names, birthdates, addresses, phone numbers, emails, gender, language preferences, chart IDs, and billing information.
There was also appointment records that contained timestamps, patient metadata, and institutional references, according to Cybernews researchers, who suspected that the data may have spilled from third-party service-linked internal infrastructure. The database has since been secured.
With the massive data compromise potentially resulting in identity theft, insurance fraud, phishing, and social engineering campaigns, Gargle should immediately notify those impacted by the incident in compliance with the Health Insurance Portability and Accountability Act.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
