Upstream database security incident (Non-HIPAA)
Incident Report for AgileMD
Postmortem

22:50, 1 Nov 2013

MongoHQ indicated that our primary (non-HIPAA) production database suffered 1 malicious connection lasting approximately 3 minutes from a single IP address. This IP address appears to originate in the Netherlands. The database logs MongoHQ provided to us do not include read/download commands so we are unable to verify if any member account information (such as email addresses, names, etc) was extracted during those 3 minutes. In any case, we store users' passwords using bcrypt, a one-way, cryptographically-strong hashing mechanism. We do not store credit card details. Finally, the attacker did not appear to make any modifications to medical content. We will continue to monitor our systems and users accounts for any suspicious activity.

09:31, 1 Nov 2013

Our team has requested additional logging details from MongoHQ to analyze the extent of the exposure. Our first priority is to identify and remedy any potential risks to the quality of the medical content then determine what information may have been extracted by the malicious servers.

22:15, 31 Oct 2013

We received notification from MongoHQ that several AgileMD databases were accessed by malicious servers during their security breach. MongoHQ is responding to the threat in coordination with all of its customers and its partners (including Amazon AWS). They have also reported this incident to the appropriate law enforcement agencies.


MongoHQ's postmortem analysis: http://security.mongohq.com/notice

Posted over 4 years ago. Nov 02, 2013 - 00:34 PDT

Resolved
MongoHQ notified our team that our primary (non-HIPAA) production database suffered 1 malicious connection lasting approximately 3 minutes during the breach disclosed earlier this week. We have already deployed several countermeasures to protect member account information and medical content. We will continue to monitor our systems and users accounts for any suspicious activity. For additional details see the attached Postmortem Report.
Posted over 4 years ago. Nov 01, 2013 - 15:50 PDT