Written by : Jayati Dubey
April 29, 2024
Alarmingly, the data remained exposed for several months, posing significant risks to the affected individuals.
HealthGenie, a healthcare IT solutions provider based in Delhi, has allegedly exposed sensitive documents of around 4.5 Lakh patients, comprising clinical and personal data such as phone numbers, addresses, and payment details. The revelation comes amid growing concerns over cybersecurity breaches in the healthcare sector.
A report by Cybernews revealed that HealthGenie had left an open Amazon S3 bucket, exposing over 36 gigabytes of data, including nearly 450,000 documents.
Among these documents, approximately 200,000 pertained to patients of the service. The exposed data allegedly contained patient information such as name, date of birth, phone number, address, medical contract numbers, and payment details.
The exposed documents also included sensitive clinical data, comprising medical histories, patient bills, clinical notes, lab reports, and appointment details, including photos and screenings.
Alarmingly, the data remained exposed for several months, posing significant risks to the affected individuals.
Cybernews warned that the exposure of personal medical data could lead to severe consequences, including identity theft, financial fraud, targeted phishing attacks, blackmail, and compromise of patients' medical histories and personal information.
Such data can also be traded on dark web forums, amplifying the potential threats.
HealthGenie operates an app with over 100,000 downloads on the Google Play store, offering various services such as finding doctors, booking appointments, electronic health record systems, reporting and analytics, and financial monitoring.
The exposure of sensitive patient data raises questions about the security measures implemented by the app and its potential impact on users' privacy.
India has witnessed a significant surge in cyberattacks, particularly targeting the healthcare sector.
According to a report by Indusface, an app security solutions firm, over 1.6 billion cyberattacks were recorded in India during the second quarter that ended September 30, 2023, marking a 70% increase from the previous quarter.
The study revealed that all healthcare sites and over 90% of banking and insurance sites in India experienced bot attacks during the quarter.
Additionally, there was a substantial increase in Distributed Denial of Service (DDoS) attacks, with traffic ranging from 3,000 to 14,000 times more than usual daily traffic on target sites.
India, the United States, the United Kingdom, Germany, and Singapore emerged as top victims of bot attacks, highlighting the global nature of cybersecurity threats.
The report underscored the urgent need for enhanced cybersecurity measures to protect sensitive data and mitigate the risks posed by cyberattacks.
The data breach incident involving HealthGenie underscores the critical importance of cybersecurity in the healthcare sector.
With the increasing digitization of medical records and patient information, robust security measures are essential to safeguard sensitive data and ensure patient privacy.
It is imperative for healthcare organizations to prioritize cybersecurity protocols to mitigate the growing threats posed by cyberattacks.