Dr Lal PathLabs, one of the largest lab testing companies in India, has left data of thousands of patients on a public server, allowing anyone to access the data inside, reported TechCrunch.
The lab testing company based in Delhi serves about 70,000 patients a day. It has also become one of the major players in testing Covid-19 patients after getting approval from the government.
The company was storing hundreds of large spreadsheets packed with ‘sensitive’ patient data in a storage bucket, hosted on Amazon Web Services, TechCrunch stated in its report.
Australia-based security expert Sami Toivonen informed TechCrunch about the exposed data in September. However, it is not known for how long the data has been out in the open.
“Once I discovered this, I was blown away that another publicly-listed organisation had failed to secure their data, but I do believe that security is a team sport and everyone’s responsibility,” the security expert told TechCrunch.
According to the report, the spreadsheets appear to contain daily records of patients’ lab tests with information about their name, address, gender, date of birth, and phone number. While some records also contained information about patients who have tested positive for Covid-19.
Meanwhile, a spokesperson of Dr Lal PathLabs told the American online publisher that the company was ‘investigating’ this security lapse.
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks