India COVID testing giant leaves vast swathes of patient data exposed online: LogRhythm comments
October 2020 by James Carder, CSO and VP at LogRhythm Labs
Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months. The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing patients for COVID-19 after winning approval from the Indian government. The exposed data included spreadsheets containing patient names, addresses, gender, date of birth and mobile numbers, as well as details of the test results, which could indicate or infer a COVID diagnosis or other health condition.
James Carder, CSO and VP at LogRhythm Labs, comments below:
“Organisations are increasingly moving information to the cloud for cost efficiency, increased flexibility, and improved accessibility. While beneficial, it is important to understand the gravity of what it means to move data to the cloud. Unfortunately, Dr Lal PathLabs did not have stringent security measures in place to protect sensitive patient data, including information related to COVID-19 test results. Poor IT hygiene, like leaving an insecure cloud container publicly available to all on the internet, almost always results in a data breach as we have witnessed numerous times over the past couple of years.
"Organisations collecting or storing sensitive medical information must ensure that data protection is of the utmost priority. The onus is on them to monitor with additional scrutiny and gain full visibility into their infrastructure. It is essential that lapses in security can rapidly be detected before patient care is at risk.”