
A (probably) Mexican government health agency Third-Party Breach (August 2018)

📅 2018-08-01 🏢 Hova Health

Incident Details

Telemedicine vendor breaches the data of 2.4 million patients in Mexico. The personal data of 2,373,764 patients was left exposed online after Hova Health, a telemedicine company based in Mexico, misconfigured a MongoDB database. The configuration error left the database, filled with healthcare data, exposed on the internet, where anyone could access or change the data without a password. Security researcher Bob Diachenko made the discovery using the Shodan.io search engine, which scans the internet for open ports on connected devices and web servers. Third-party company: Hova Health.

Technical Details

Initial Attack Vector: Compromise of third-party service provider / vendor relationship
Vendor / Product: Hova Health
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2018-08-01 Breach occurred
  2. 2018-08-01 Publicly disclosed