A large open database was uncovered at Redcliffe Labs, a leading Indian diagnostic service provider, where over 12 million healthcare records, including medical diagnostic scans, test results, and patient data, were left unprotected without password protection.
Cybersecurity expert Jeremiah Fowler, who discovered the data trove, alerted Redcliffe Labs, following which the firm promptly secured the database the same day. This incident raises serious concerns about data security measures and the potential misuse of such sensitive information.
Redcliffe Labs provides a range of healthcare services, encompassing diabetes, cancer, genetic testing, HIV, pregnancy, and more medical areas.
In response to the query by The Cyber Express, Redcliffe Labs confirmed that the data was not breached, and even with credentials, it was inaccessible to the public. Prabhat Pankaj, the Chief Technology Officer of Redcliffe, responded by asserting that the company had not experienced any data breach on their part.
“We’d like to stress that all our databases are stored inside private VPCs, making them inaccessible to the public, even with credentials,” Prabhat said. “They’re further safeguarded by encryption at rest,” he said.
Highlighting the diagnostic center’s commitment to security, Prabhat conveyed to The Cyber Express that they have implemented a strong security infrastructure. This framework combines endpoint protection, thorough vulnerability assessments, cloud security measures, and strong database encryption to ensure data safety.
He further added that they have undergone various information security checks, VAPT, and third-party assessments, with the latest audit concluded in September 2023. He also assured that Redcliffe Labs invests in cutting-edge technology to protect customer data.
12 Million Redcliffe Labs Records Exposed!
The database from Redcliffe Labs not only contained patient data, but also the names of the attending doctors. The records, exceeding 12 million in number, revealed whether the samples were collected at patients’ homes or directly at Redcliffe Labs. The exposure led to a staggering 7 terabytes of data being left unprotected.
The exposed 7TB Redcliffe Labs database contained a total of 12,347,297 records.
The other details in the exposed Redcliffe Labs records were as follows:
- A folder named test results with over 6 million PDF documents.
- Reports with 1,180,000 objects amounting to 620.5GB.
- Another set of documents with 1,164,000 objects amounting to 1.5TB of data.
- A test results folder with 6,090,852 objects amounting to 2.2TB.
- Miscellaneous folders with 3,912,445 objects amounting to 2.7GB of data.
The miscellaneous folder was a collection of PDF files, internal business documents, and development files. It also contained logging records and mobile application details.
The mobile application of Redcliffe Labs was also exposed, which could be misused to affect the functionality and data sharing between the diagnostic centre and patients.
Notifying Redcliffe Labs of the 7TB Database
Addressing the discovery of the exposed Redcliffe Labs records, the cybersecurity researcher wrote in a report, “Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs.”
“I immediately sent a responsible disclosure notice, and I received a reply acknowledging my discovery and thanking me for my efforts,” Jeremiah further added.
Although the exposed Redcliffe Labs records were secured by changing the settings to restrict public access, it’s unclear if hackers had already pilfered sensitive data and launched social engineering attacks using the data of patients.
It’s not known how long the exposed Redcliffe Labs records were left that way.
Since its inception in 2018, Redcliffe Labs has expanded its operations to include over 60 laboratories and more than 2000 wellness and collection centers across India.