As part of a major data breach, popular lab testing company in India -- Dr Lal PathLabs -- leaked millions of patients' data. The data was left exposed on a public server for months, as suggested by Australia-based security expert Sami Toivonen. Read on to know more about the data breach.
Dr Lal PathLabs data breach
It is suggested that Dr Lal PathLabs was storing its patients' personal and sensitive data on large spreadsheets that were hosted on Amazon Web Services (AWS). The data, however, wasn't password-protected and could be accessed by anyone, especially for malicious purposes.
The data belonged to millions of patients who were using Dr Lal PathLabs' services and included information on patient’s name, address, gender, date of birth and cell number, along with details about the tests being conducted by the lab. This also involved whether or not a patient is a COVID-19 positive. This However, there is no word on how long the data remained in open
Sami Toivonen discovered the security lapse in September and informed the lab testing firm of the same. While Dr Lal PathLabs blocked access to the data as a sigh of relief, it didn't respond to Toivonen.
Toivonen, in a statement to TechCrunch, said, "Once I discovered this I was blown away that another publicly-listed organization had failed to secure their data, but I do believe that security is a team sport and everyone’s responsibility. I’m glad that they secured it within a few hours after I contacted them because this kind of exposure with millions of patient records could be misused in so many ways by the malicious actors."
Dr PathLabs is currently looking into the matter, following which the company will decide its further course of action.