Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months, TechCrunch has learned. The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing patients for COVID-19 after winning approval from the Indian government. But the company was storing hundreds of large spreadsheets packed with sensitive patient data in a storage bucket, hosted on Amazon Web Services (AWS), without a password, allowing anyone to access the data inside.

Sergio Loureiro, Cloud Security Director, Outpost24
October 12, 2020
companies using AWS for analytics or big data projects and making careless mistakes in the misconfiguration
This is another case of sensitive data on AWS buckets being left wide open on the internet, with little to no security. We've seen this time and time again - companies using AWS for analytics or big data projects and making careless mistakes in the misconfiguration. To prevent this scenario companies must ensure they have the security process and controls in place to assess and be alerted of pot ....
Warren Poschman, Senior Solutions Architect, comforte AG
October 12, 2020
Another week, another AWS misconfigured server.
Another week, another AWS misconfigured server. It is clear that those that choose to use cloud-based databases must perform necessary due diligence to configure and secure every corner of the system properly. Sadly, with the recent wave of AWS, ElasticSearch, MongoDB, Big Data, and other Open Source breaches, it does look like security is not being taken seriously enough. Healthcare institutions ....
Niamh Vianney Muldoon, Senior Director of Trust and Security, EMEA, OneLogin
October 12, 2020
Dr Lal PathLabs were fortunate to have received warning from a benevolent security expert.
To collect such sensitive data without having the basic security controls in place breaches PII regulatory and Healthcare compliance requirements, never mind industry best practices. Dr Lal PathLabs were fortunate to have received warning from a benevolent security expert but we do not know how long the information has been exposed and what other actors may have gained access. The company has a re ....
Jamie Akhtar, CEO and Co-founder, CyberSmart
October 12, 2020
Breaches often happen when organisations are overwhelmed just as in this case.
Breaches often happen when organisations are overwhelmed just as in this case. That's why it's critical to have secure processes and policies in place so that security is built into everyday operations. Not using password protection, allowing everyone full access to sensitive data - this is breaking the fundamental rules of cyber hygiene. Employees should be educated on basic cyber security as wel ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
October 12, 2020
Independent of any regulatory sanctions, these security reviews help avoid the reputational damage.
Cloud storage solutions are convenient and cost-effective, but we must not forget that proper configuration of any cloud service means configuring components, like S3 buckets, securely. Securely in this context implies that a review of the security requirements for the data stored, but also ensures that regulations are respected. When it comes to healthcare data of any form, it is one of the most ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
October 12, 2020
Wow! Another day, another unprotected bucket of data.
Wow! Another day, another unprotected bucket of data. It's hard to fathom that a firm would leave unprotected data available on the web, especially in today's atmosphere of heightened security. But, it has happened again. While kudos are deserved for the company quickly securing the data once a security researcher tipped them off, the data should never have been left in an unsecured form. Hopeful ....

