Skip to main content

DATA BREACH: Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach

DATA BREACH: Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach
By: Jeremiah Fowler - WebsitePlanet.com
Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar

Wednesday, 25th October 2023

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records.

The database contained a massive amount of medical test results that included the names of patients, doctors, if the testing sample was done at home or at a medical facility, and a wide range of other sensitive health information. The total number of records was significant, at a count of 12,347,297 with a total size of 7TB. Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs. 

I immediately sent a responsible disclosure notice, and I received a reply acknowledging my discovery and thanking me for my efforts. Public access was restricted the same day, but it is unclear how long the database was exposed or if any unauthorized individuals accessed the purported health records.

Redcliffe Labs is one of India’s largest diagnostic centres. It offers more than 3600 wellness and illness tests. Users can receive medical diagnosis services at home, at medical facilities, and online via a mobile application. These services include full-body check-ups at home, blood testing, diabetes tests, joint care, vitamin tests, specialized testing services for cancer, genetics, HIV, pregnancy, and many others. Redcliffe Labs also advertises free sample collections and a consultation with a doctor as part of the service.

According to their website, they have 2.5 million customers. However, a folder in the database named “test results” contained over 6 million PDF documents. This could indicate either that far more customers were potentially affected or that perhaps these were multiple tests from repeat customers. According to their website “Redcliffe Labs is India’s fastest growing technology empowered diagnostics service provider having its home sample collection service in more than 220+ cities with 80+ Labs and 2000+ Walk-in Wellness and Collection Centres across India”. Learn More /...

Daily Cyber Insights


Labels:
Location: Gibraltar

Comments

Post a Comment

Popular posts from this blog

CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information

Tuesday, 5th December 2023 CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information By Jeremiah Fowler - Website Planet  Syndicated By IainFraser.net/CYBER_Voice Daily Cyber Insights  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 56,000 records, including pet medical reports, DNA tests, pedigree history and other potentially sensitive information. As a long-time cyber security researcher, this is one of the most interesting discoveries I have ever encountered and a first for me.  I recently discovered a non-password protected database that contained records of thousands of dogs from around the world and included the information of their human owners. The publicly exposed cloud storage database contained a total of 56,624 documents in .PDF, .png, and .jpg formats with a total size of 25 GB. Upon further investigation, the database appeared...
Post a Comment
Learn More »

CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive

28th November 2023  CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive  Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire ECSO is delighted to announce the launch of its new, ground-breaking initiative: Cyberhive EUROPE. Cyberhive is the first-ever European marketplace co-created with- and for the European cybersecurity ecosystem, and will offer global accessibility to all Europe-headquartered cybersecurity solution providers, while also being freely accessible to end-users worldwide. Through the Cyberhive, ECSO will connect market players, promote European-made products, and ultimately strengthen the European cybersecurity market as a whole. To learn more about the Cyberhive, read below.  The second Annual CISO Meetup, organised by ECSO, starts today! Over 150 CISOs are joining us in Florence from all over Europe to engage in high-level discussions on critical cybersecurity topics. Read more below. Learn More /... ...
Post a Comment
Learn More »

CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance

Tuesday, 28th November 2023 CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance Posted by: Iain Fraser - Cybersecurity Journalist Gibraltar via IainFraser.net/ Daily Cyber Insights CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance The UK NCSC & US CISA have joint-published what they term as "security-focused guidance" for AI & ML developers and those who leverage AI/ML with their protocols and systems.  The Publication of Guidelines for Secure AI System Development (PDF),  apply to all types of AI/ML systems, regardless of whether built from wireframe up or added as a bolt-on on third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure. Devised to be used in conjunction with existing Cybersecurity, Incident Response and Cyber Risk-Management protocols. The NCSC and CISA have said “Providers should implement security controls and mitigations where possible within their mode...
Post a Comment
Learn More »