The move comes after report on how medical labs often hire hackers to leak data
The Maharashtra State AIDS Control Society (MSACS), is set to send a notice to Health Solutions, a private pathology laboratory after data of 43,000 patients — including sensitive information about HIV patients — got leaked online after their unprotected server in the US was hacked. On December 5, mid-day published a report on how hackers used new modus operandi to blackmail patients by procuring their sensitive reports through illegal means. Following this, a three-day investigation was conducted by the officials.
ADVERTISEMENT
The matter came to light at the beginning of this month, when cyber expert, Troy Hunt, exposed that a hacker had leaked sensitive details of over 43,000 patients across India but mostly from Mumbai. The data was easily available on search engines with their names, addresses and pathology reports. Cyber and medical experts claim that the intention might be to use the data to blackmail patients with their reports. In fact, industry insiders also revealed that it is not uncommon for labs to hire hackers to expose and defame their competitors.
After mid-day reported the incident on December 7, MSACS visited the office of the pathology lab in Parel, but discovered that it was defunct. Later, the officials also visited their Thane office for interrogation.
“We are done with our investigation and will send the notice next week. Other than HIV reports, the data also had details of other patients,” said Dr Padmaja Keskar, health officer of BMC. Dr Srikala Acharya, head of MSACS (Mumbai) also confirmed that the notice will be sent on Tuesday.