Warning for healthcare organizations that use mongodb databases

Over the course of the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been steadily growing.

Ethical Hacker Victor Gevers discovered in late December that many MondoDB databases had been left unprotected and were freely accessible over the Internet by unauthorized individuals. Moto g data recovery software By January 6, he reported that 13 organizations had had their databases copied and deleted. Data recovery windows 10 In their place was a new database containing nothing but a ransom demand.


Database youtube The hacker responsible offered to return the data once a ransom payment had been made – in this case 0.2 Bitcoin ($175).

The number of affected organizations has rapidly increased over the past few days. H2 database console Today, more than 32,000 organizations have been issued with ransom demands and have had their databases deleted, including Emory Healthcare.

Emory Healthcare is not the only U.S. Database browser healthcare organization to have left databases exposed. Database help MacKeeper security researcher Chris Vickery has identified another potential healthcare victim. Database vendors A database used by WAMC Sleep Clinic – which operates the website militarysleep.org – has also been left exposed.

The database, which contains 2GB of information, includes details of 1,200 veterans who suffer from sleep disorders and have registered with the Sleep Clinic. Database key The database contains sensitive information such as veterans’ names, email addresses, home addresses, former rank in the military, and their history of use of the site. Data recovery live cd The database also contains chat logs of conversations between doctors and veterans. Data recovery clean room Those logs contain highly sensitive details of patients’ medical conditions.

As with other organizations that have left their MongoDB databases in the default configuration, information can be accessed by anyone who knows where to look. Database view No login credentials are required. Data recovery fort lauderdale Databases can be accessed without the need for usernames or passwords or any authentication.

The problem affects organizations that are using older versions of MongoDB. Data recovery equipment tools MongoDB had, in previous versions, been set with unrestricted remote access turned on as default. Data recovery lab While later versions of the database platform had this changed with remote access set to off in the default configuration, many organizations are still using older versions and not changed the configuration settings to prevent unrestricted data access.

Unfortunately, many individuals have started to access unprotected MongoDB databases and have deleted data and issued ransom demands. Data recovery online One well known organized ransomware gang has also got involved and is attempting to extort money from 21,000+ organizations.

While some of these ‘hackers’ have exfiltrated data prior to deleting databases, others have not. Database union Ransom demands are being issued nonetheless, although since no copy of the data has been taken, recovery will be impossible even if a ransom payment is made.

Healthcare organizations that use MongoDB databases should ensure that their security settings are updated to prevent remote access by unauthorized individuals. Data recovery houston Given the number of organizations already attacked, failure to do so is likely to result in data being hijacked, or worse, permanently deleted. 7m database soccer basketball Gevers suggests there are more than 99,000 organizations that have misconfigured MongoDB databases and are therefore at risk.

banner