Cybernews reports that almost 2.7 million U.S. patients' profiles and 8.8 million appointment records have been inadvertently exposed by an unsecured MongoDB database believed to have been owned by U.S. dental marketing firm Gargle.Included in the misconfigured MongoDB instance, which has since been secured, were individuals' names, birthdates, addresses, phone numbers, emails, gender, language preferences, chart IDs, and billing information, as well as appointment records that contained timestamps, patient metadata, and institutional references, according to Cybernews researchers, who suspected that the data may have spilled from third-party service-linked internal infrastructure. With the massive data compromise potentially resulting in identity theft, insurance fraud, phishing, and social engineering campaigns, Gargle should immediately notify those impacted by the incident in compliance with the Health Insurance Portability and Accountability Act. Meanwhile, individuals who may have been affected were urged to be vigilant of suspicious emails and unauthorized medical or insurance record activity, as well as seek identity theft monitoring services.
The attack involved the theft of OAuth credentials from Klue's Battlecards integration, which threat actors then used to access and exfiltrate data from customer Salesforce instances.
The Shadowbyt3$ threat group claimed responsibility for the incident, alleging the exfiltration of sensitive employee data, including bank statements and W-9 forms.
The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a "gadget chain," to target both cloud and on-premises Oracle PeopleSoft instances.
