Personal information of 2,373,764 patients from Mexico is publicly available through a misconfigured MongoDB instance.
Data included such fields as Full name and gender, CURP number, Insurance policy number and its expiration date, Date of birth, Home address, ‘Disability‘ and ‘migrant‘ flags.
TPRM report: https://scoringcyber.rankiteo.com/company/hova-health
"id": "hov02861122",
"linkid": "hova-health",
"type": "Data Leak",
"date": "08/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 2373764,
'industry': 'Healthcare',
'location': 'Mexico',
'type': 'Healthcare'}],
'attack_vector': 'Misconfigured MongoDB instance',
'data_breach': {'number_of_records_exposed': 2373764,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full name',
'Gender',
'CURP number',
'Insurance policy number',
'Insurance policy expiration '
'date',
'Date of birth',
'Home address',
'Disability flag',
'Migrant flag']},
'description': 'Personal information of 2,373,764 patients from Mexico is '
'publicly available through a misconfigured MongoDB instance. '
'Data included fields such as Full name and gender, CURP '
'number, Insurance policy number and its expiration date, Date '
'of birth, Home address, ‘Disability‘ and ‘migrant‘ flags.',
'impact': {'data_compromised': ['Full name',
'Gender',
'CURP number',
'Insurance policy number',
'Insurance policy expiration date',
'Date of birth',
'Home address',
'Disability flag',
'Migrant flag'],
'systems_affected': 'MongoDB instance'},
'title': 'Data Breach of Mexican Patient Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Misconfiguration'}