Dr Lal PathLabs says only 0.5% of records leaked

Dr Lal PathLabs, one of India’s top diagnostic chains, today clarified that the leak of patient data reported in the media involved only 1 in 200 patient records held by the company and did not involve any “material information loss”.

“There was a misconfiguration in one of our minor web application where temporary records were stored for operational purposes, and took place at a facility managed by a third party. It involved less than 0.5% of our records and has been successfully resolved since. We have informed the relevant authorities about the same and are investigating this incidence,” the Delhi-based company said.

The incident has been in the headlines with most reports claiming that data belonging to “millions of patients” has been leaked on the internet.

Dr Lal PathLabs, however, did not clarify exactly how many patients’ data was affected by the incident.

Data can be leaked on the internet if permissions and access protocols put in place to protect it from unauthorized access are misconfigured on the server/computer.

According to the original report in TechCrunch, the company had stored “hundreds of large spreadsheets” packed with patient information such as names, addresses, phone numbers, email ids and the type of medical tests they had taken on an Amazon Web Services Bucket — a kind of online data storage service.

According to the report, Australia-based security expert Sami Toivonen — who discovered the spreadsheets — alerted Dr Lal Pathlabs, who fixed the problem within hours of being alerted.

In its clarification on the matter, the diagnostics company said it follows stringent protocols and processes to maintain privacy of patient data and this incident has not resulted in any material information loss.