In the first report which was published in October last year, the massive data leak contained images of CT scans, X-rays, MRIs and even patients’ photographs.
A recent report published by Greenbone Sustainable Resilience, a German cybersecurity firm, has revealed that over 120 million Indian patients’ medical details have been leaked and made freely available on the Internet.
A month after Greenbone’s initial report was published, the number of data troves containing such information went up massively in the Indian context. According to the updated report, Maharashtra tops the states affected by the leak.
In November, a follow-up report was published, classifying countries into “good”, “bad” and “ugly” categories based on what actions their governments took after the first report was made public. After the US, India ranks second in the “ugly” category.
Two months after the first report was published, the number of pictures of patients’ details rose from 105 million to 121 million, and that of data troves with patients’ information went up from 6,27,000 to 1.01 million.
“It is a notable fact for the systems located in India, that almost 100 per cent of the studies (data troves) allow full access to related images,” The Hindu quoted the report as stating.
The follow-up report states that Maharashtra tops the number of data troves available online – 3,08,451 troves offer access to 6,97,89,685 images – followed by Karnataka with 1,82,865 data troves giving access to 1,37,31,001 images.
“The leak is worrying because the affected patients can include anyone from the common working man to politicians and celebrities. In image-driven fields like politics or entertainment, knowledge about certain ailments faced by people from these fields could deal a huge blow to their image. The other concern is of fake identities being created using the details, which can be misused in any possible number of ways,” a Maharashtra cybersecurity officer said.
“Any communication between a patient and a doctor is a privileged one,” medico-legal expert Lalit Kapoor said. “A doctor or a hospital is thus ethically, legally and morally bound to maintain confidentiality,” he said.
According to Greenbone’s original report, the Picture Archiving and Communication System (PACS) servers are not secure. These servers store the patients’ details and are connected to the public Internet without any protection, which facilitated the leak.
“The fact that PACS servers are vulnerable to attack or are accessible is not new information, and there have been a number of reports on this topic in the past. No report, however, has dealt with the breadth and depth of the problem associated with unsecured PACS servers,” the report states.