wordpress blog stats
Connect with us

Hi, what are you looking for?

Health department of northern state exposed data of 12.5 million pregnant women

The Department of Medical, Health and Family Welfare of a north Indian state left a database connected to the internet without a password, exposing the medical records of more than 12.5 million pregnant women, ZDNet reported. The records date back to 2014.

Sensitive info removed, but unsecured database still online

The database was discovered on March 7 by Bob Diachenko, a security researcher with Security Discovery, a cyber-security consulting firm. Diachenko wrote in a blog post that authorities in India took three weeks – until March 29 – to remove the sensitive information from the database. Its worth noting that the database is still available online without a password, which is why the state name has been withheld. The database had patients’ records, doctors’ details, children’s details, admin passwords and logins, all of which were collected as part of the Indian Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act, which was introduced in 1994 to prevent sex selection and female infanticide.

India: land of leaks

In March 2018 we reported that DISHA (Digital Information Security in Healthcare Act) would enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics, which would be the basis for the creation of digital health records in India. In 2017, the National Health Policy green-lit the creation of a National Health Information Network for sharing of Aadhaar-linked electronic health records. Given the commonplace nature of data leaks by Indian government bodies, the security of electronic health records is questionable at best.

Numerous breaches in 2018, many involving Aadhaar, made India the world capital of data leaks according to the World Economic Forum. Its Global Risks Report 2019 reads, “The largest [data breach] was in India, where [Aadhaar] reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion citizens. It was reported in January 2018 that criminals were selling access to the database at a rate of Rs 500 for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers.”

Medical data leaks

  • In April 2018, it was found that Andhra Pradesh government websites were leaking Aadhaar numbers of women, their reproductive history from pregnancy to delivery, whether they had had an abortion, and so on. It also tracked the infants’ early years and vaccinations.
  • In June 2018, a public website run by the Andhra Pradesh government tracked state-run ambulances in real time, allowing anyone with an internet connection to monitor the movement of these vehicles and obtain sensitive information about the patient — such as the pick-up point, why the ambulance was called, and the hospital to which the patient was taken.
  • The same month, an unsecured Andhra Pradesh government website exposed the names and numbers of every person who purchased medicines, including those who bought Suhagra (a medicine for erectile dysfunction) from government-run stores. A dashboard on the Anna Sanjivini website allowed anyone with an Internet connection to access details including the names and phone numbers of every person who bought medicines from every single such store.

Other data leaks

In April 2018, an Andhra Pradesh government website leaked data of individuals including Aadhaar number, bank branch, IFSC code and account number, father’s name, address, gram panchayat, mobile number, ration card number, occupation, religion and caste information. Two just months later, the Andhra Pradesh government exposed details of up to 4.5 crore citizens — phone numbers, insurance status, and home addresses — on a portal accessible with only an Aadhaar number, The Times of India reported.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ