It’s a new day and there comes a new data leak incident that has reportedly exposed the data of millions of patients including information related to their Covid-19 test results. As per a report coming from TechCrunch one of India’s popular and largest testing lab firm Dr Lal PathLabs exposed the personal data of millions of patients in the public domain making it accessible to everyone last month.
According to the report, Dr Lal PathLabs was storing hundreds of large spreadsheets that included sensitive patient data in a storage bucket hosted on Amazon Web Services (AWS). The patients’ data were stored without a password on the server. This allowed anyone and everyone to access these details.
The leaked data included sensitive information of patients including booking details, names, gender, addresses, phone numbers, email addresses, digital signature, payment details and doctor details along with the type of test taken. Currently, Dr Lal PathLabs tests 70,000 patients per day. The report further claims that the leaked data even revealed the Covid-19 test status of some patients.
The leaked patient data was first discovered by Australia-based security expert Sami Toivonen who reported to Dr Lal PathLabs about the expose of data in September. Following this the testing firm “quickly shut down access to the bucket but the company did not reply”. There are no records as to how long the storage bucket was exposed in the public domain.
Toivonen told TechCrunch, “Once I discovered this I was blown away that another publicly listed organization had failed to secure their data, but I do believe that security is a team sport and everyone’s responsibility.“ “I’m glad that they secured it within a few hours after I contacted them because this kind of exposure with millions of patient records could be misused in so many ways by the malicious actors,” he added.
Commenting on the leak of personal data of patients Dr Lal PathLabs spokesperson said that the company is “investigating” the security lapse. The company has also not revealed details on whether they plan to alert patients impacted with the data leak.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines