Researcher claims 1.2 crore medical records exposed, Noida-based lab denies breach

A cybersecurity researcher claimed to have discovered an unprotected database of a diagnostic centre based in Noida, which reportedly housed over 1.2 crore records comprising medical diagnostic scans, test results, and potentially sensitive medical records.

In an email shared with Hindustan Times, Jeremiah Fowler, a security researcher from Ukraine, shared the images of the purported lab records and said, “The database contained a massive amount of medical test results that included the names of patients, doctors, if the testing sample was done at home or at a medical facility, and a wide range of other sensitive health information. The total number of records was significant, at a count of 12,347,297 with a total size of 7TB. Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs.”

What does the company say?

Redcliffe Labs has vehemently denied any compromise of their lab records. Pabhat Pankaj, the company's chief technology officer, said “there isn't any data breach that has happened at Redcliffe Labs”. He asserted, "All our databases are stored within private VPCs, making them inaccessible to the public, even with credentials. They are further safeguarded by encryption at rest."

However, Fowler claimed to have shared his findings and received an acknowledgement of his discovery. HT has seen the unverified acknowledgement email. The request for clarification on the same didn't elicit any response from the company.

While access was reportedly restricted on the same day, Fowler added, it remains unclear how long the database was exposed and whether any unauthorized individuals accessed the purported health records.

ALSO READ: Centre to launch software to detect dark patterns used by firms on web

What does the alleged leak comprise?

According to the report published on websiteplanet.com, the alleged leak includes the following details:

• A total of 12,347,297 records were found in the database, with a cumulative size of 7TB.

• Documents marked as "Reports": The database contained 1,180,000 of these objects, with a total size of 620.5GB. These documents included test results and appeared in a basic format without a header logo.

•Smart Report Storage: The database contained 1,164,000 objects, totalling 1.5TB in size. These documents presented test results in an infographic style.

• Folder named "Test results": The database contained 6,090,852 objects in this category, with a combined size of 2.2TB.

•Miscellaneous folders with non-password-protected files: The database comprised 3,912,445 objects, totalling 2.7GB in size. These folders contained .PDF files, internal business documents, logging records, mobile applications and development files.