Indian healthcare platform exposed 4.5 lakh sensitive documents, clinical data of patients: Report

New Delhi: HealthGenie, a Delhi-based healthcare IT solutions provider, has allegedly exposed 4.5 lakh sensitive documents of patients that include clinical data and personal data like phone numbers, addresses and payment details, a report claimed on Friday.

The report by Cybernews showed that the healthcare solutions provider "left an open Amazon S3 bucket, exposing over 36 gigabytes of data, or nearly 450,000 documents, of which 200,000 were of the service's patients".

The documents allegedly exposed patient details including name, date of birth, phone number, address, medical contract numbers, and payment details.

It also laid bare the sensitive clinical data of patients such as medical histories, patient bills, clinical notes, lab reports, and appointment details like photos, screenings, and so on.

Importantly, the documents were exposed for several months, claimed the report.

“Exposing personal medical data poses severe risks for affected individuals as attackers could use the information for identity theft, financial fraud, targeted phishing attacks, blackmail, and potentially compromise patients’ medical histories and personal information. Individual healthcare data can be sold on dark web forums,” Cybernews said.

The research team also contacted HealthGenie for an official comment “but received no response before publishing”.

The Health Genie app with over 100,000 downloads on the Google Play store, offers services such as finding doctors, booking appointments, Electronic Health Record systems, reporting and analytics, and financial monitoring, among others.

India has lately been facing a significant rise in cyber attacks, particularly in the healthcare sector.