The Department of Medical, Health and Family Welfare of a north Indian state left a database connected to the internet without a password, exposing the medical records of more than 12.5 million pregnant women, ZDNet reported. The records date back to 2014. Sensitive info removed, but unsecured database still online The database was discovered on March 7 by Bob Diachenko, a security researcher with Security Discovery, a cyber-security consulting firm. Diachenko wrote in a blog post that authorities in India took three weeks - until March 29 - to remove the sensitive information from the database. Its worth noting that the database is still available online without a password, which is why the state name has been withheld. The database had patients’ records, doctors’ details, children’s details, admin passwords and logins, all of which were collected as part of the Indian Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act, which was introduced in 1994 to prevent sex selection and female infanticide. India: land of leaks In March 2018 we reported that DISHA (Digital Information Security in Healthcare Act) would enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics, which would be the basis for the creation of digital health records in India. In 2017, the National Health Policy green-lit the creation of a National Health Information Network for sharing of Aadhaar-linked electronic health records. Given the commonplace nature of data leaks by Indian government bodies, the security of electronic health records is questionable at…
