Redcliffe Labs ‘data leak’: Records of 12 million patients spill into public domain; details here

New Delhi: Redcliffe Labs, the Noida-based diagnostic service provider has found itself in the line of fire over alleged massive medical data leak due to its ‘inept & sub-standard’ system of data protection.  Reports suggest that the database of over 12 million patients got compromised because of its mis-configured & non-protected system.

According to Cyber Security researcher Jeremiah Fowler, database of over 12 million patients registered with Redcliffe got exposed and this included not just patients’ records but also their diagnostic scans and test results. The total number of database was reported at 12,347, 297 and this included personal medical details of customers. In couple of other cases, names of doctors also spilled into public domain while in others an array of health-related & sensitive information got exposed, thereby created widespread concerns among the medical fraternity.

“Exposed database comprised medical diagnostic scans, test results, and a wealth of sensitive medical information,” cybersecurity researcher, Jeremiah Fowler .

The exposure of medical records of more than 12 million customers has created a big furore in the public sphere, as many are pointing fingers at the company’s conduct & functioning capability.

According to Fowler, the official customer base of Redcliffe Labs’ stands at 2.5 million. However, one of the folders was understood to be hoarding more than 6 million PDF documents, thus indicating a bigger impact.

“Such files are crucial as they control an app’s functionality and the data transmitted between the user and the host server. In the wrong hands, this information could lead to cyberattacks compromising user data, app functionality, or mobile device security,” Fowler explained.

Concerns over risks due to data leak

Post the massive medical data breach, questions are being raised over the security lapses & gaps in Redcliffe Labs’s system that led to such big chaos & leakage of personal data.

Cybersecurity experts warn of challenges including medical identity theft, misuse of private health information as immediate challenges in protecting the details of patients.

Notably, India’s 1st comprehensive data protection law namely Digital Personal Data Protection Act, 2023 got operational this year. According to stipulated guidelines, the companies will have to report data breaches within 72 hours, else penalties will levied for non-compliance.

Clarification by Redcliffe Labs

The leakage of sensitive medical information by Redcliffe Labs was hushed over to avoid loss of face for the diagnostic services provider but the latter denied any such leakage in a press statement.

Stating facts before press, the firm said that its security mechanism was impregnable and it rather focuses on security at every stage and not just at the end result.

“Our dedication to cybersecurity is unwavering, and we continue to invest in cutting-edge technology to protect our Customer’s information,” Redcliffe Labs said.