ADVERTISEMENTREMOVE AD
Members Only
lock close icon

Records of 43K Patients Leaked, But Path Lab Says Not Its Concern

Published
Health News
3 min read
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large
Hindi Female

In an incident that starkly exposes India’s lack of a strong legal framework concerning data privacy, the medical records of more than 43,000 people were reportedly leaked online accidentally by a pathology lab.

Shockingly, the records include those of patients who tested for HIV – some of them as young as 17. What’s worse, the pathology lab said ensuring patient medical data privacy was not something it was “concerned with”, Buzzfeed reported.

According to the Buzzfeed news report, sensitive details like names, addresses, dates of birth, and blood tests results of patients were stored in an unprotected folder on the website of pathology lab Health Solutions.

ADVERTISEMENTREMOVE AD

Lack of Proper Security Left Sensitive Info Exposed

The lapse was discovered by Troy Hunt, a web security expert. Speaking to Buzzfeed’s Pranav Dixit, Hunt revealed that he gained access to the medical records of thousands of patients as they were stored in a folder with the directory listing option enabled. The files are stored in a server in Provo, United States.

(Photo Courtesy: Twitter/Troyhunt)
What this meant was that there was literally a folder describing all the 43,000-plus files... This also means we have no idea of how many people have seen the files — they could have been viewed within cache...
Troy Hunt 

And since the reports were not password-protected, people could simply download sensitive medical information of any patient from the pathology lab’s website.“It’s about as bad as it gets security wise. This serves as a reminder that once we digitise anything, there’s a far greater risk of it being inadvertently disclosed,” Hunt added.

0
(Photo: iStockPhoto)

Ensuring Patients’ Privacy Not Our Concern: Lab

On being contacted by Buzzfeed, Rodrigues Kustas, the administrator at Health Solutions, initially denied knowledge of the security lapse, only to later wash his hands of the whole mess by claiming that there was nothing that could be done about the problem right now as the pathology lab was currently in the process of moving to a new website.

He further added:

Look, we are not the doctors, we merely do blood tests for patients. We also have more than 250 franchisees all over Mumbai who do tests for us. So maintaining doctor-patient privacy is not something that we as the lab are concerned with.

Kustas said that the lab’s website was developed by a third-party developer whom he described as a personal friend, but refused to provide any more details.

ADVERTISEMENTREMOVE AD
(Photo: The Quint)

Lack of Policy to Blame

The callous reply by Kustas however would come as no surprise to people who are aware of the state of medical privacy in India. Even after almost 70 years of independence, India lacks a robust legal framework concerning medical privacy or privacy laws in general.

Private hospitals frame and follows their own guidelines and maintain patient privacy on their own in the absence of a strong legal framework.

(Source: BuzzFeed News)

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Read Latest News and Breaking News at The Quint, browse for more from fit and health-news

Topics:  Records   Data Leak   Health Solutions 

Speaking truth to power requires allies like you.
Become a Member
3 months
12 months
12 months
Check Member Benefits
Read More
×
×