One of India's largest lab testing facility Dr. Lal PathLabs allegedly left millions of their patients' data on a public server for months. It was not confirmed until a security expert found the exposed data to an Amazon server, without any need of password.
Indian patients' data gets exposed!
(Photo : Photo by Yawar Nazir/Getty Images) An Indian health official uses a swab to collect sample from a woman to conduct tests for the coronavirus disease (COVID-19), amid the spread of the disease, at Nehru Homoeopathic Medical College and Hospital on July 21, 2020 in New Delhi, India. Spike of 37,148 cases and 587 deaths reported in India in the last 24 hours, taking the total toll at 1,171,356 in the country. India confirmed Covid-19 infections crossed over 1 million mark as the worlds third worst hit country grapples to deal with the impact of the global epidemic. Even as death toll due to the deadly virus mounted to 28,329 with record 587 fatalities in a last 24 hours, according to data released by the health ministry on early Friday, Indian Prime Minister Narendara Modi in a televised address said the country was ensuring one of the best recovery rates in the world in its fight against Covid-19.
A giant lab testing facility in India was recently caught on a major data breach. Tech Crunch first reported that Dr. Lal Pathlabs, headquartered in New Delhi, stores millions of their customer' data via a public server of Amazon Web Services host (AWS).
Australia-based security expert Sami Toivonen found the data breach exposure online in September. He immediately reported it to Dr Lal PathLabs, wherein the company quickly close the access to the file.
However, after this incident, Toivonen revealed that the company did not even explain how the information was breached online or how long these data was sitting on a public server, without passwords.
In definition of without passwords, anyone that are not even hackers could access the data without hassle.
All the patients' data were put in a large spreadsheets wherein each contains patient's name, address, gender, date of birth, and mobile number.
To make it worse for the patients, the details of the test that the patient is taking, which could include the person's health issues or medications were also found in the spreadsheets.
(Photo : Photo by Yawar Nazir/Getty Images) An Indian health official holds a testing tube after collecting a swab from people, as India remains under an unprecedented extended lockdown over the highly contagious coronavirus (COVID-19) on April 30, 2020 in New Delhi, India. India eased the lockdown restrictions by allowing neighbourhood shops and standalone shops in areas that havent been marked coronavirus hotspots to sell goods on the condition of 50 per cent staff strength and following other protective guidelines like wearing masks and maintaining social distance. With a total number of over 33,000 positive cases, the death toll due to coronavirus in India has reached 1079 as the country reels under a nationwide lockdown that was imposed on March 25 by the government.
Aside from the health issues of each patient of Dr. Lal PathLabs, there were also remarks in the spreadsheets that could be showing which patients were tested for Coronavirus or found positive to it.
So far, the lab testing company has not yet released any statements regarding the issue.