MongoDB Databases Warning for Healthcare Organizations Issued

by | Jan 13, 2017

Over the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been on the rise.

Ethical Hacker Victor Gevers found in late December that many MondoDB databases had been left unsecured and were freely accessible over the Internet by unauthorized people. By January 6, he stated that 13 organizations had had their databases copied and deleted. In their place was a new database containing just a ransom demand. The hacker who carried out the attack offered to return the data once a ransom payment had been made – in this case 0.2 Bitcoin ($175).

The number of affected organizations has rapidly grown over the past few days. Today, more than 32,000 organizations have been hit with ransom demands and have had their databases deleted, including Emory Healthcare.

Emory Healthcare is not the only U.S. healthcare group to have left databases easily accessible. MacKeeper security researcher Chris Vickery has found another potential healthcare victim. A database used by WAMC Sleep Clinic – which runs the website – has also been left exposed to a possible attack.

The database, which stores 2GB of data, includes details of 1,200 veterans who suffer from sleep disorders and have attended with the Sleep Clinic. The database stores sensitive information such as veterans’ names, email addresses, home addresses, former rank in the military, and their history of use of the site. The database also holds chat logs of conversations between doctors and veterans. Those logs contain extremely sensitive details of patients’ medical conditions.

As with other groups that have left their MongoDB databases in the default mode settings, information can be accessed by anyone who knows where to look. No login credentials are needed. Databases can be accessed without the requirement for usernames or passwords or any authentication.

The problem damages organizations that are using older versions of MongoDB. MongoDB had, in older versions, been set with unrestricted remote access turned on as default. While newer versions of the database platform had this changed with remote access set to off in the default configuration, many organizations are still using previous versions and not amended the configuration settings to prevent unrestricted data access.

Unfortunately, many people have begun to access unprotected MongoDB databases and have deleted data and issued ransom demands. One well known organized ransomware group has also got involved and is trying to extort money from 21,000+ organizations.

While some of these ‘hackers’ have obtained data prior to deleting databases, others have not. Ransom demands are being issued regardless, although since no copy of the data has been taken, recovery will be impossible even if a ransom is paid.

Healthcare groups that use MongoDB databases should ensure that their security settings are updated to prevent remote access by unauthorized people. Given the number of organizations already hit, failure to do so is likely to lead to data being hijacked, or worse, permanently lost. Gevers says there are more than 99,000 organizations that have misconfigured MongoDB databases and are therefore in danger.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy