What if your Covid test results were available on the web? Security researcher Sourajeet Majumder discovered a leak of eight million Covid-19 test results. This massive data leak affected the people of West Bengal, India, where their government official, Dr. Sushant Roy, expressed “surprise at the system flaw that made it possible to access anyone’s test report.”
How would you feel if your Covid test results were available on the web? It turns out, with leaked medical records such as a Covid test, there is more data at risk than just the test results.
Threat of medical data leaks
In addition to data regarding a patient’s health, such as test results, often a medical record contains other private data. The eight million Covid test results that leaked in West Bengal contained: name, age, date and time of testing, residence address, and other details. When the government was advised of the massive data leak, immediate action was taken. The URL endpoints previously leaking the Covid-19 reports now return a 404 (not found) message.
But there is more to the story. This is not an isolated case of leaked medical data. In a post-Covid world, leaked medical data is on the rise and threatens more than privacy. Leaked medical data undermines our basic need for security and our quality of life.
Leaked medical data on the rise
There are other cases of leaked Covid-related data. Because of an insecure QR code implementation, Covid test data was made vulnerable for an “uncountable number” of arriving passengers who were required to undergo a government-mandated Covid test. This data vulnerability was caused by an implementation flaw in an online system that lacked adequate security controls.
Most software engineers would agree that rushed software implementations often result in bugs. If software professionals have errors because of rushed implementations, imagine what happens when Government and Healthcare organizations rush their software implementations.
Medical images do not need to contain so much private data. But for many reasons, more data is in a medical record than is required for the purpose at hand. What if buggy implementations of Covid passports at your hospital, airport or job, leaked your personally identifiable information (PII) on the web? What if you went to the doctor and the record of your visit was leaked on the web?
These kinds of situations are preventable. Less data could be associated with medical records, such as Covid passports, that contain PII. But for multiple reasons, including rushed implementations, our private data is increasingly leaked on the web.
CybelAngel is at the leading edge of data leak discovery
Security researchers at CybelAngel are at the leading edge of data leak discovery and have detected over 45 million unprotected medical image files in 67 countries. Among those 45 million vulnerable files, do some belong to you? When data leaks threaten your personal security, they stop being news stories and get real.
CybelAngel researcher David Sygula shares lessons learned from data leaks. Sygula explains that medical records are a favorite among cybercriminals because they are an easy way to turn a quick profit on the dark web. But it’s more than selling of private data; medical data leaks keep victims in a perpetual state of worry and diminish their quality of life.
If we look at Maslow’s Hierarchy of Needs (see below graphic), we see a pyramid that puts self-fulfillment at the top — and the stages one must work through to attain the goal of self-fulfillment.
When your personal details are compromised, it puts you on defense, always worried about your security. Who can attain self-fulfillment when they are constantly worried about their leaked private data? Cybersecurity researcher Sygula adds that there is also a psychological effect for people affected by cybercrime and identity theft. The aftermath of cybercrime can severely affect the well-being of people, especially if they already suffer from serious ailments. It turns out that even if a data leak is fixed, victims can suffer ongoing attacks by criminals who exploit stolen data via phishing and social engineering schemes that use personal details to gain victims’ confidence, then exploit them.
The truth is that in a post-Covid world, security falls short when it comes to rapid cloud migration. Furthermore, many businesses misunderstand their responsibilities when it comes to cloud data security. Data privacy may be dead; but this can be the catalyst for positive change. The first step comes with securing your private data.
Enterprises face the same struggles as individuals to secure their private data. Companies cannot achieve high levels of success if they are undermined by data leaks. Companies who want to stop the struggle contact CybelAngel.
What we do
CybelAngel provides a platform that helps companies protect against digital threats. Our world-class cybersecurity analysts use machine learning to constantly improve our ability to detect data leaks that put our clients at risk. At CybelAngel, we don’t just find the threats, we fix them.
If you are concerned about the risk of exposed digital assets in your cloud or Supply Chain, contact us for a free assessment. Can’t wait for an assessment? Try our “live” dashboard for an instant assessment. Just insert your company’s name into the field provided. We’ll reveal how many servers and documents your company has vulnerable on the web right now.
Aspire to higher success
At CybelAngel, we stop the worry of data leaks so our clients can aspire to higher success. In a post-Covid world of rushed cloud migrations and software implementations, data leaks are inevitable. But with CybelAngel on your side, damage is optional. So, go ahead, aspire to higher success. CybelAngel has your digital assets covered.