Millions of People in India Might Have Suffered a Breach of Their Medical Data

According to a news report published by TechCrunch, Dr. Lal PathLabs, a Delhi-based healthcare provider and medical testing laboratory, left a gaping hole in its database for months. A publicly accessible database was up for months on end, without any sort of protection.

The lab is one of the biggest of its kind in all of India, with an estimated 70 thousand patients being served on a daily basis. Of course, this means it is also one of the biggest testing centers for Covid-19 in the country.

It turned out Dr. Lal PathLabs were keeping a large number of massive spreadsheets full of personal patient data on an Amazon Web Services storage bucket, but there was no protection in place and no password, which effectively means anyone could access all the records.

The leaky database was discovered by security researcher Sami Toivonen who reported the issue to the laboratory as early as September 2020. According to Toivonen's interview with TechCrunch, access to the leaky storage was cut off, but the researcher received no reply from the laboratory.

According to Toivonen, the data contained in the exposed spreadsheets contained millions of individual patient records, including daily test results. Information contained in the databases consisted of patient names, dates of birth, home addresses, mobile numbers and different tests performed, which is a tangential source of information for the person's health condition. Some of the additional details on certain patients also stated whether or not they are Covid-19 positive.

Researchers Surprised by Lax Database Security

Toivonen said he was "blown away" by the discovery and the fact that an organization so large and dealing with personal information that is so sensitive had left a huge amount of patient personal data virtually completely unprotected.

When TechCrunch contacted the laboratory, they received a formal response that an investigation is underway, but the lab representative never answered any other questions and did not mention whether or not the Indian health provider intends to disclose information about the database exposure to its patients.

By Zaib
October 21, 2020
Computer Security
English
October 21, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

Personal Data of 186,000 Australians Leaked In Service NSW Data Breach

A close-up review of a security breach that took place back in May 2020 revealed that hackers got access to the data of 186,000 Australian citizens. The attack targeted the email accounts of nearly 50 staff members of... Read more

September 23, 2020
News

Human Error Becomes GDPR Data Breach Trend in 2020

Human error has been widely reported to have caused 90% of cyber data breaches in 2019. Information provided by the UK Information Commissioner’s Office (ICO) has lead security experts to believe that nine out of ten... Read more

June 15, 2020
News

A Data Breach at Adidas' Online Shop Hits Millions

Large sporting events like the FIFA World Cup are very important for sports apparel manufacturers. With millions of eyeballs focused on people wearing their products, the attention paid to the brand is enormous. Last... Read more

July 5, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.