The Bruhat Bengaluru Mahanagara Palike (BBMP) has shut down its COVID-19 test data collection portal after a possible data breach, which allows hackers to access the health information of citizens. The incident was flagged by the Free Software Movement of India after they showed how the data could be easily accessed just with the phone numbers.
BBMP was collecting the health records of the citizens for its Public Health Activities, Surveillance, and Tracking (PHAST) portal which included name, age, gender, patient ID, ICMR test ID, lab name, test result (positive/negative), the sample collected and received date, sample type, hospital name (if the patient is hospitalized) and status of symptoms.
The Free Software Movement of India has requested the local authorities to not only conduct a security audit but to also take action against the software company for its complacency in designing software without any security.
Kiran Chandra, general secretary of the Free Software Movement of India wrote about the breach to BBMP Special Commissioner (Health and Information technology) Rajendra Cholan P and said it was not hard for a data broker to harness these details by writing an automated script.
“The IT Rules of 2011 clearly states that health record information is ‘sensitive’ data and the collection, storage and disclosure of such data must be bound by ‘Reasonable security practices and procedures. This is a clear violation of IT Rules (2011) and shows an appalling lack of attention to protecting individual’s personal and sensitive data. The lack of proper security practices for sensitive health record data, especially in the midst of the peak of the pandemic can lead to misuse, exploitation and poses a c ..
Support the originator by clicking the read the rest link below.