CYBERInsights: DATA Breach – Sensitive Patient Records Exposed by Medical Diagnostic Company
DATA BREACH: Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach
By: Jeremiah Fowler – WebsitePlanet.com
Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar
Wednesday, 25th October 2023
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records.
The database contained a massive amount of medical test results that included the names of patients, doctors, if the testing sample was done at home or at a medical facility, and a wide range of other sensitive health information. The total number of records was significant, at a count of 12,347,297 with a total size of 7TB. Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs.
I immediately sent a responsible disclosure notice, and I received a reply acknowledging my discovery and thanking me for my efforts. Public access was restricted the same day, but it is unclear how long the database was exposed or if any unauthorized individuals accessed the purported health records.
Redcliffe Labs is one of India’s largest diagnostic centres. It offers more than 3600 wellness and illness tests. Users can receive medical diagnosis services at home, at medical facilities, and online via a mobile application. These services include full-body check-ups at home, blood testing, diabetes tests, joint care, vitamin tests, specialized testing services for cancer, genetics, HIV, pregnancy, and many others. Redcliffe Labs also advertises free sample collections and a consultation with a doctor as part of the service.
According to their website, they have 2.5 million customers. However, a folder in the database named “test results” contained over 6 million PDF documents. This could indicate either that far more customers were potentially affected or that perhaps these were multiple tests from repeat customers. According to their website “Redcliffe Labs is India’s fastest growing technology empowered diagnostics service provider having its home sample collection service in more than 220+ cities with 80+ Labs and 2000+ Walk-in Wellness and Collection Centres across India”. Learn More /…
