Written by : Dr. Aishwarya Sarthe
October 30, 2023
The uncovered database reportedly included sensitive health information, including medical diagnostic scans, test results, patient and doctor names, and details regarding whether tests were conducted at home or medical facilities.
A significant breach in the security of Noida-based Redcliffe Labs, a major Indian diagnostic center, resulted in the exposure of more than 1.2 Cr medical records, including sensitive patient information.
The breach was discovered by cybersecurity researcher Jeremiah Fowler, who found an unprotected database housing extensive medical data.
The breach, reported last Wednesday, disclosed a trove of medical test results, diagnostic scans, and other confidential health records. Fowler confirmed that the exposed database contained approximately 12,347,297 records, totaling a substantial 7 terabytes.
In his report, Fowler revealed, "The unprotected database held a vast array of sensitive health information, including patient names, doctors' details, and specifics on whether tests were conducted at home or in medical facilities."
In addition to the medical records, the exposed database contained developmental files from Redcliffe Labs' mobile application. Fowler highlighted the potential risks associated with the exposure of such application files, citing the potential for cybercriminals to manipulate application functionality and compromise user data and device security.
He warned, "Malicious actors could exploit this data to conduct various cyberattacks, endangering user privacy and potentially identifying vulnerabilities in the application.”
Contradicting these claims, Redcliffe Labs' chief technology officer, Prabhat Pankaj, refuted any data breach allegations. Pankaj explained that the company's data is stored within private virtual clouds, inaccessible to the public, even with credentials. He said, "Our robust security framework includes encryption and regular security checks."
He added, "At Redcliffe Labs, our infrastructure is fortified with dedicated firewalls and robust security measures to safeguard our customers' data."
The Indian diagnostic center, Redcliffe Labs, offers a gamut of wellness and illness tests, has served over 2.5 million customers through in-home, medical facility, and online mobile application services.
Despite the denial of a data breach, a folder labeled "test results" within the exposed database contained over 6 million PDF documents, raising concerns about the potential extent of the breach's impact on customers.
This breach raises important questions about the healthcare sector's security measures and vulnerabilities in safeguarding sensitive medical data, urging a more robust approach to data protection.
In response to the recent cyber attack at the All India Institute of Medical Sciences (AIIMS), the Postgraduate Institute of Medical Education and Research (PGIMER) has initiated cybersecurity audits for its Hospital Information System (HIS).
The objective behind these audits was to uncover and address any possible vulnerabilities within PGIMER's systems, fortifying its defenses against potential cyber threats in the future.