As a result of failing to secure its cloud storage, Dr Lal Pathlabs – one of India’s largest medical testing firms – has exposed millions of customer records. The testing company, which serves more then 70,000 patients a day has quickly become a major player in testing patients for COVID-19 after winning approval from the Indian government.
The leaked data included spreadsheets with highly sensitive patient information such as their names, addresses, digital signatures, phone numbers, email addresses, payment details and doctor details. Even more worrying was the inclusion of COVID-19 and other health test results.
“Organisations are increasingly moving information to the cloud for cost efficiency, increased flexibility, and improved accessibility,” said James Carder, CSO and VP at LogRhythm Labs. “While beneficial, it is important to understand the gravity of what it means to move data to the cloud.”
Organisations collecting or storing sensitive medical information must ensure that data protection is of the utmost priority. They must monitor with additional scrutiny and gain full visibility into their infrastructure in order to ensure that lapses in security can rapidly be detected before patient care is at risk.
“Unfortunately, Dr Lal PathLabs did not have stringent security measures in place to protect sensitive patient data,” concludes Carder. “Poor IT hygiene, like leaving an insecure cloud container publicly available to all on the internet, almost always results in a data breach as we have witnessed numerous times over the past couple of years.”