Healthcare data leak exposes 8.8 M patient records
Learn More
Cybernews researchers discovered a massive healthcare data leak affecting 2.7 million patient profiles and 8.8 million appointment records. The data was stored in an unprotected MongoDB publicly accessible database, allowing anyone who can find the database to access the sensitive information.
The data owner has not been officially confirmed, but data elements point toward Gargle, a Utah-based dental marketing company that offers marketing, SEO, and web development services specifically for dental practices. While not a healthcare provider itself, its business model relies on handling patient-facing infrastructure and potentially patient data.
The exposed data includes:
- Names
- Dates of birth
- Email addresses
- Physical addresses
- Phone numbers
- Gender information
- Chart IDs
- Language preferences
- Billing details and classifications
- Appointment records with patient metadata
- Timestamps and institutional references
The discovery was made by Cybernews researchers on March 26, 2025, who also disclosed the breach to the company on the same day. Gargle did not respond but the database was secured No breach involving Gargle has been listed on the HHS Office for Civil Rights breach portal, and no public reports have been issued by dental practices.
It's not clear whether the database was accessed by malicious actors while exposed.
