wordpress blog stats
Connect with us

Hi, what are you looking for?

, ,

Dr Lal PathLabs left millions of customer data exposed: Report

Dr Lal PathLabs left the data of millions of patients exposed on a public server, TechCrunch reported. Exposed data includes details about patient bookings, names, addresses, gender, date of birth, phone numbers, and details of which tests the patients had availed. Dr Lal PathLabs, one of the largest diagnostic labs in the country with 200 laboratories nationwide, is also a government certified private laboratory for carrying out diagnostic tests for COVID-19 in several states. Some of the exposed records also contained additional remarks, such as whether the patient had tested positive for COVID-19.

The company had stored hundreds of large spreadsheets with patient data in a storage bucket hosted on Amazon Web Services without password protection, allowing immediate access to whoever discovered the bucket. Dr Lal PathLabs said the incident involved “less than 0.5% of our records and was immediately fixed” (see their full statement below).

An Australian security expert, Sami Toivonen, found the exposed bucket and revealed the extent of the breach. He informed Dr Lal PathLabs in September, which took down access, per the TC report. It’s not known for how long the bucket was exposed.

The exposure’s extent and nature is serious, especially given that it included COVID-related data of some customers. Consider a case wherein a customer on this list indeed has COVID-19, which by now is proven to cause long-term cardiovascular issues in some people. Could an insurance company charge such a person, who once was infected with the virus, a higher premium?

Health data is sensitive in nature and hence subject to higher protections in many jurisdictions. India’s Personal Data Protection Bill, 2019, too considers health data as sensitive personal data, according it higher protections around processing and storage. As per the Bill, mental, physiological, and physical health data fall within the definition of health data, and health data encompasses the entire life cycle of a person’s health information.

Advertisement. Scroll to continue reading.

We received an email from a cyber-security researcher about a misconfiguration in one of our minor web application where some temporary records were stored for operational purposes. This involved less than 0.5% of our records and was immediately fixed. Relevant authorities have also been kept informed. Dr Lal PathLabs Ltd  is fully committed to information security assurance. Dr Lal PathLabs

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...


There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data


Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.


The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ