Health Website Leaks 8 Million COVID-19 Test Results
Security News, February 2021
Another human-related error - this time a flaw in a health department website in the state of Bengal, India - has exposed the confidential results of COVID-19 tests as well as personally identifying information for an entire geographic region's population.
Test results for more than 8 million people were potentially exposed before the agency fixed the error, according to a security researcher.
A teenaged ethical hacker in India noticed a flaw in the structure of a URL in a text message from Bengal health authorities informing someone of their test result.
Specifically, the URL in the text of the message, just before the test result was provided, comprised a base64-encoded report ID number, which a threat actor could decode to construct new sets of URLs that would enable access to other test results, Majumder told the publication.
Each medical record contained information pertaining to the patient's name, age, gender, partial home address, COVID-19 test result, date of the test, report identifier and even identifying details for the lab where the test was conducted, Majumder said.
"I have found an issue in an Indian government site which is resulting in the leakage of test reports of EVERYONE who took a COVID-19 test in a particular state," he told the outlet.
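The weakness described above, seen from the server side, next to one hardened form. This is an added example, not code from the affected site or the article. The record contents, IDs, key handling and function names are constructed for illustration. It shows that base64 is an encoding, so any report ID resolves, while an HMAC-tagged link only resolves for IDs the server actually issued.

```python
import base64, hashlib, hmac, secrets

# Constructed sample records; IDs and contents are illustrative only.
REPORTS = {1001: "report for patient A", 1002: "report for patient B"}
SECRET_KEY = secrets.token_bytes(32)  # server-side key, never sent to clients


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def weak_token(report_id: int) -> str:
    """Pattern described in the article: the ID is only base64-encoded."""
    return b64(str(report_id).encode())


def weak_lookup(token: str):
    """Decodes and serves whatever ID results; nothing ties it to the caller."""
    return REPORTS.get(int(unb64(token)))


def signed_token(report_id: int) -> str:
    """Hardened form: the ID travels with an HMAC-SHA256 tag computed over it."""
    body = str(report_id).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def signed_lookup(token: str):
    """Serves a report only when the tag matches the ID it accompanies."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = unb64(body_part), unb64(tag_part)
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        return REPORTS.get(int(body))
    except ValueError:  # malformed token, bad base64 or non-numeric ID
        return None
```

A signed link is still a bearer link: anyone holding it can open the report, so expiry or a login check remains a separate design decision.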
News URL
https://threatpost.com/health-website-leaks-covid-19-test/164274/