Published - December 03, 2016 12:24 am IST - Mumbai:

Data leak from path lab sets alarm bells ringing

A data leak from a pathology laboratory has taken the medical fraternity by surprise after a web security expert and blogger tweeted about the same. As many as 40,000 medical records from the Health Solutions pathology laboratory, Thane, were leaked by a hacker six months back but the breach has come to light now after blogger Troy Hunt took to the social media about it.

The leaked data contained results of tests of patients at the Health Solutions along with other details like name, age, addresses etc. Many reports also had results of the HIV tests. City pathologists say the leak is of great concern as many corporate pathology laboratories use servers for data recording which can be misused. After coming across the leak, Hunt tweeted, “Reporting tens of thousands of exposed medical records indexed by Google and containing test results for things like HIV is not fun”. In another tweet, Hunt said, “I need a Mumbai local to call up the local pathology centre leaking all their patient data and have them get in touch with me. Any takers?”

When The Hindu contacted administrator of Health Solutions, Rodrigues Kustas, he said they had hired a firm to keep the data on a server. “They did not do a good job and hence we got another company to do the work. The data leak was six months ago and by now we already have a new server,” said Mr. Kustas adding that they are an accredited laboratory and such a breach was unintentional. However, the data leak was not reported to the cyber cell by Health Solutions.

According to Dr. Prasad Kulkarni, executive member of Maharashtra Association of Practicing Pathologists and Microbiologists (MAPPM), such a breach of patients privacy is simply unacceptable. “We have so far not received any complaint against the laboratory but patients data should be guarded stringently,” said Dr. Kulkarni adding that such data can be used for marketing purposes and also lead to harassment of patients. “For example, if someone’s report shows high blood sugar, that particular information can be used by anyone who is marketing medicines or a medical set up for that matter,” he said. “It needs to be investigated if the data was leaked accidentally or intentionally,” he added.

“We have taken necessary action by deleting all records from the website and it has been shut down temporarily to ensure that none of the private information of any of our patients goes into public domain. While the website has been hacked, none of the confidential information on health issue of any of our patients has been compromised,” said Amit Sharma, director of HS Pathology Private Ltd.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.