• Home
  • Others
  • Others News
  • Dr Lal Pathlabs Left Millions of Patients’ Sensitive Data on Public Server: Report

Dr Lal Pathlabs Left Millions of Patients’ Sensitive Data on Public Server: Report

Dr Lal Pathlabs was reportedly storing hundreds of spreadsheets in a public bucket hosted on Amazon Web Services (AWS).

Share on Facebook Tweet Snapchat Share Reddit Comment
Dr Lal Pathlabs Left Millions of Patients’ Sensitive Data on Public Server: Report

Australia-based security expert Sami Toivonen first discovered Dr Lal Pathlabs sensitive data

Highlights
  • Dr Lal Pathlabs rectified the error within hours of disclosure
  • Expert says exposed storage bucket had millions of users’ sensitive infor
  • This included data like phone number and address of the patient

Dr Lal PathLabs reportedly left sensitive data of millions of users on a public server, allegedly allowing anyone to access this information, in a major security lapse. The lab testing company is one of the largest in India and has received approvals from the Indian government for testing COVID-19 patients as well. The firm was reportedly storing hundreds of spreadsheets in a public storage bucket hosted on Amazon Web Services (AWS), until it was informed of the security lapse by an expert. This storage bucket could be accessed by anyone without the need for a password. The spreadsheets contained sensitive information like patient name, address, phone number, among other things.

TechCrunch reports that Australia-based security expert Sami Toivonen first discovered this sensitive data last month, and he immediately reported this lapse of security to Dr Lal PathLabs. While the company took the necessary measures to shut down access to the storage bucket, it did not respond to Toivonen, according to the report. There is no clarity on how long this data was public, but it gave access to all of the sensitive patient information – to anyone who wanted it.

Toivonen told the publication that the exposed storage bucket had millions of individual patient booking information. The hundreds of spreadsheets that were stored on the AWS public server had information like patient's name, address, gender, date of birth, phone number, and details of the test that the patient is taking. Some of the bookings even had information on test result, for instance, if a patient had tested COVID-19 positive or not.

“I'm glad that they secured it within a few hours after I contacted them because this kind of exposure with millions of patient records could be misused in so many ways by the malicious actors.I was also a little surprised that they didn't respond to my responsible disclosure,” Toivonen told the publication.

Apart from not acknowledging Toivonen, Dr Lal PathLabs has also not offered any public announcement of this data breach. There is also no clarity on whether the organisation has informed the affected patients or not. This little lapse is a prime example of how complacent large organisations still are with storing sensitive information online. Companies, especially the big ones, need to be aware and educated of how to securely store user data on servers.


How to find the best deals during online sales? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Twitter May Launch New Features to Simplify Direct Messages, Retweets
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com