Massive Data Exposure: 2.7M U.S. Patient Profiles Leaked in Unsecured MongoDB Breach
A misconfigured MongoDB database, linked to U.S.-based dental marketing firm Gargle, exposed 2.7 million patient profiles and 8.8 million appointment records, according to researchers at Cybernews. The unsecured database—since secured—contained sensitive personal data, including names, birthdates, addresses, phone numbers, emails, gender, language preferences, chart IDs, and billing details, as well as appointment timestamps, patient metadata, and institutional references.
Investigators suspect the leak originated from third-party service-linked infrastructure, raising concerns about supply chain vulnerabilities. The exposed data poses significant risks, including identity theft, insurance fraud, phishing, and social engineering attacks. Under the Health Insurance Portability and Accountability Act (HIPAA), Gargle is required to notify affected individuals, though no official confirmation of such notifications has been reported.
The incident underscores the persistent threat of misconfigured cloud databases, which remain a leading cause of large-scale data exposures. No evidence of malicious access has been disclosed, but the scale of the leak highlights the potential for long-term misuse of compromised medical and personal records.
Source: https://www.scworld.com/brief/millions-of-us-patient-data-exposed-by-mongodb-misconfiguration
Gargle cybersecurity rating report: https://www.rankiteo.com/company/gargle
"id": "GAR1766053854",
"linkid": "gargle",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.7 million patients',
'industry': 'Healthcare Marketing',
'location': 'U.S.',
'name': 'Gargle',
'type': 'Dental Marketing Firm'}],
'attack_vector': 'Misconfigured Database',
'customer_advisories': 'Individuals urged to monitor for suspicious emails '
'and unauthorized medical or insurance activity.',
'data_breach': {'number_of_records_exposed': '11.5 million (2.7M profiles + '
'8.8M appointment records)',
'personally_identifiable_information': ['Names',
'Birthdates',
'Addresses',
'Phone Numbers',
'Emails',
'Gender',
'Language Preferences',
'Chart IDs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information',
'Appointment Records',
'Billing Information']},
'description': 'An unsecured MongoDB database owned by U.S. dental marketing '
'firm Gargle inadvertently exposed almost 2.7 million U.S. '
"patients' profiles and 8.8 million appointment records. The "
'exposed data included personal and sensitive information, '
'leading to risks of identity theft, insurance fraud, '
'phishing, and social engineering campaigns.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '2.7 million patient profiles and 8.8 million '
'appointment records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential HIPAA violations',
'payment_information_risk': 'High (billing information exposed)',
'systems_affected': 'MongoDB database'},
'post_incident_analysis': {'root_causes': 'Misconfigured MongoDB database '
'likely linked to third-party '
'service infrastructure'},
'recommendations': 'Affected individuals should seek identity theft '
'monitoring services and be vigilant of suspicious emails '
'and unauthorized medical or insurance record activity.',
'references': [{'source': 'Cybernews'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Recommended to notify '
'affected individuals'},
'response': {'communication_strategy': 'Urged affected individuals to be '
'vigilant of suspicious emails and '
'unauthorized activity',
'containment_measures': 'Database secured'},
'title': 'Gargle Dental Marketing Firm Exposes 2.7M Patient Profiles and 8.8M '
'Appointment Records',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured MongoDB Instance'}