Biggest medical data leak: 121 million Indian patients record goes public

The latest data leak exposed how over 121 million medical records of Indian patients, including X-rays and scans, have been leaked online. This data is not only freely accessible by anyone now but experts suspect that it will be misused for carrying out further attacks.

According to German cybersecurity company Greenbone Networks, the patient records and scans and images from India also include details such as the name of the patient, their date of birth, the national ID, name of the medical institution, their medical history, physician names and other details that are meant to be classified.

Among the leaked data are medical records belonging to Mumbai’s high-end Breach Candy Hospital as well as Utkarsh Scans, a relatively well-known medical imaging provider. The420.in  team also found that the link where the data has been dumped was accessible to anyone and can be exposing all the sensitive and personal details of the patients.

As per Greenbone, the servers storing these records are vulnerable due to the system used by many healthcare providers. Overall, the company found 1.19 Bn images in its review in 2020, which is a 60% increase (up from 737 Mn) from what it saw last year.

According to the company, the security protocol to be followed in securing these servers had not been followed in this case. The images are directly available on the internet without any password protection, which is typically not the case with medical records.

“Such healthcare institutions would be held liable for using unsecured servers and weak password practices. It is mandatory for the institutions to maintain the privacy of their clients. This is a clear case of a criminal offence,” said Dr Triveni Singh, cyber crime expert and Superintendent of police, Azamgarh.

The government’s National Digital Health Blueprint report has proposed the creation of district-level electronic databases of citizen’s health data and registries for all diseases of public importance and most importantly, proposed a National Health Information Architecture to roll-out and link systems across public and private health providers at state and national levels.

Cyber crime expert explains that these crimes can be investigated but corporate does not own up to such leaks. “If a forensic audit is conducted loophole can be identified and patched. A detailed investigation can help in identifying the problem area. As the data is the new goldmine and digital startup is completely dependent on it so it is high time these companies understand the importance of keeping it safe,” said Utsav Mittal, CEO, Xiarch Solutions, an information security auditing firm.