A new data leak has exposed the data of millions of patients, including their COVID-19 test results. TechCrunch reported that one of India’s largest testing laboratories, Dr Lal PathLabs, failed to secure the personal data of millions of patients.
Dr Lal PathLabs was storing sensitive patient data on Amazon Web Services (AWS) without a password, making the data accessible to all. The data was stored on the unsecured cloud server for almost a year.
The data included patients’ booking details such as their name, address, phone number, email id, payment details, digital signature, and also the type of medical tests they had taken. The leaked data reportedly revealed novel coronavirus test details too.
The data was available in the public domain and accessible to all until September, when the breach was highlighted by Australia-based cybersecurity expert Sami Toivonen.
After this, Dr Lal PathLabs “quickly shut down access to the bucket.”
Speaking about the major data breach, Toivonen said: “Once I discovered this, I was blown away that another publicly listed organisation had failed to secure their data. I’m glad that they secured it within a few hours after I contacted them because this kind of exposure with millions of patient records could be misused in so many ways by the malicious actors.”
A spokesperson of Dr Lal PathLabs has said that they are 'investigating' the data security breach.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
