Security News > 2021 > January > Indian government sites leaking patient COVID-19 test results
Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online.
This week, while searching for a means to obtain COVID-19 test results online, I accidentally came across what looked like exposed COVID-19 test results for thousands of patients.
"In order to successfully implement the test-trace-isolate process, the government often requires labs to send patients' test results to the relevant government authorities. This is in addition to the data uploaded by labs onto the Indian Council of Medical Research web portal, where every RT-PCR test done in India is documented."
Every leaked COVID-19 test report observed thus far by BleepingComputer, even the ones hosted on different government domains, have an identical URL structure.
On discovering the leak and verifying its origin, BleepingComputer promptly reached out to relevant parties including multiple Delhi government offices, National Informatics Centre, Digital India, and the Indian CERT. Online COVID-19 test verification systems typically restricted.
While this leak has originated on Indian government websites, previously, some private labs risked exposure of COVID-19 test reports due to insecure QR code implementations.