0
0
New Delhi, India – In a concerning revelation, Delhi-based healthcare IT solutions provider HealthGenie has reportedly left approximately 4.5 lakh sensitive documents of patients exposed, including clinical data and personal information such as phone numbers, addresses, and payment details. According to a report by Cybernews released on Friday, the healthcare solutions provider left an open Amazon S3 bucket, exposing over 36 gigabytes of data, comprising nearly 450,000 documents, out of which 200,000 were related to the service’s patients.
The exposed documents allegedly contained detailed patient information, including names, dates of birth, phone numbers, addresses, medical contract numbers, and payment details. Furthermore, sensitive clinical data, including medical histories, patient bills, clinical notes, lab reports, and appointment details like photos and screenings, were also laid bare.
Alarmingly, the documents were reportedly exposed for several months, raising concerns about the security protocols employed by HealthGenie.
“Exposing personal medical data poses severe risks for affected individuals as attackers could use the information for identity theft, financial fraud, targeted phishing attacks, blackmail, and potentially compromise patients’ medical histories and personal information. Individual healthcare data can be sold on dark web forums,” Cybernews cautioned.
Despite attempts by the research team to contact HealthGenie for an official comment, no response was received before publishing the report.
The Health Genie app, boasting over 100,000 downloads on the Google Play store, offers a range of services including finding doctors, booking appointments, Electronic Health Record systems, reporting and analytics, and financial monitoring. However, the breach underscores the urgent need for enhanced cybersecurity measures within the healthcare sector, particularly amidst the recent surge in cyber attacks across India.
India has witnessed a notable increase in cyber attacks, particularly targeting the healthcare sector, emphasizing the critical importance of robust data protection measures and proactive cybersecurity strategies to safeguard patient information and maintain the integrity of healthcare systems.
