In a serious security lapse, Dr Lal PathLabs, India’s largest laboratory testing company, exposed data from millions of patients on a public server. The exposed data could be accessed by anyone, according to reports. Dr Lal PathLabs is one of the most trusted diagnostic centers in India and has also gained government approval for COVID testing. It caters to around 70,000 patients a day.
According to TechCrunch, the company stored hundreds of spreadsheets containing sensitive patient data in a public storage bucket hosted on Amazon Web Services. The data was accessible to anyone, and the company only intervened after an expert informed it of the lack of security.
The report states that the spreadsheets stored on AWS could be accessed by anyone without even needing a password. Important patient data such as name, number, COVID diagnostic result and other sensitive information were available in the spreadsheets.
The flaw was first discovered by Australian security expert Sami Toivonen in September. He then informed Dr Lal PathLabs of the security breach. Although the company limited access to the storage bucket on AWS, it did not respond to Toivonen, as per the TechCrunch report. However, it is not yet known how long the data had been exposed on the public server.
Reacting to the security breach, Toivonen told TechCrunch: “Once I found this out, I was amazed that another publicly traded organization had failed to protect their data, but I believe that security is a team sport and everyone's accountability. I am delighted that they secured that within hours of contacting them because this kind of exposure with millions of patient records could be misused in so many ways by malicious actors.”
“I was also a little surprised that they didn’t respond to my responsible disclosure,” he added.
Dr Lal PathLabs has yet to release an official statement regarding the security lapse, but a company spokesperson told the publication that it is “investigating” the matter.
Dr Lal PathLabs was archiving hundreds of spreadsheets containing sensitive patient data in a public storage bucket hosted on Amazon Web Services.
- Dr Lal PathLabs exposed the data of millions of patients on a public server.
- Important patient data such as name, number, COVID diagnostic result and other sensitive information were exposed.
- Dr Lal PathLabs has yet to make an official statement regarding the serious lack of security.