After a massive data hack and subsequent leak, the website of Health Solutions, a Parel-based diagnostic laboratory, was forced to erase its records on Friday evening. The leaked information comprised over 35,000 patients’ medical records, including HIV reports.
The diagnostic laboratory has close to 250 centres across Mumbai and over 10,000 collection points in various states in India. The website (www.hsppl.com) had over 40,000 files, of which an estimated 30,000 to 35,000 were related to patients’ records while the rest were either html files or administrative documents.
Watch What Else Is Making News
“We have erased the entire data from our website to protect patients’ details,” said website developer Sunil Mourya.
The data had, however, remained available for several hours over the website and on search engines. The leaked files had details such as patients’ names, their age, gender, blood test report, lipid profile and other medical parameters.
In cases of HIV patients, it gave details of CD4 count and viral load in the blood. CD4 count measures the level of
immunity of an HIV positive patient while the viral load gives count of virus in the blood.
The data related to patients from across India, although many may not even know that their reports had been leaked
as the system was used only by the administration to access their records.
The laboratory allowed patients to give their sample at one point and access reports from another location, using the online portal. The leaked records were mostly of Mumbai patients, website officials said.
Health Solutions has, however, claimed that they were able to prevent photographs and contact details of patients
whose records were leaked from going public.
The compromised data was more than a year old. The website has been hacked several times in the past few months, with an official claiming it happened thrice in a week sometimes and “there was nothing they could do about it”. “We stopped uploading files since the website was getting hacked repeatedly. We are moving to a new system,” an official from Health Solutions said.
According to Mourya, the website had two layers of protection, which were breached by the hacker. “The hacker is India-based, though he used the guise of a Chinese server. We are going to take legal action,” Mourya said.
Health Solutions has also been forced to adopt a new system, in which they will add another layer of security.
Health Solutions conducts over 600 diagnostics tests. After a medical report is prepared, any collection centre can access the report for its patients through a login id and password.