The medical records of around 43,203 patients were left exposed online by a pathology lab in Thane, which contained personal, confidential details like name, age, addresses, including results of the HIV tests.
The leak was pointed out by Australia-based web security blogger Troy Hunt, who stumbled upon the reports in an open online folder on the Thane-based Health Solutions pathology lab’s website, which were accessible to anyone with the right URL.
The reports were also indexed by Google, which means the damage caused could be far-reaching, as the data was probably lying unsecured for about six months now.
Since Hunt brought the reckless leak (which the lab blames on the firm hired to keep the data on a server) to public notice on Twitter and on his blog, Health Solutions has deleted all the records and has also temporarily shut down their website. However, the leak has set alarm bells ringing, exposing the careless attitude the lab maintained towards doctor-patient privacy.