Hackers Steal Medical Records of 35,000 Indian Patents, Including HIV Records

/hackers-steal-medical-records-of-35000-indian-patients-including-hiv-records
Indian health company forced to delete its patient database
The website of Health Solutions, one of the largest diagnostic laboratories in India, has been breached on Friday, with hackers accessing a database that included no less than 35,000 medical reports, including information HIV reports for registered patients.

A report by Indian Express receives that the website of the company, hsppl.com, included 40,000 files, out of which approximately 35,000 were related to patients and contained medical data.

The site’s administrators detected the hack and decided to remove the entire database in order to protect customers, but it’s not clear how many of the files they managed to steal.

A company official said that the leaked data included mostly details of Mumbai patients, but explains that photographs and contact details weren’t compromised. On the other hand, the database included patients’ names, their age, gender, blood test report, lipid profile and other medical information
“We have erased the entire data from our website to protect patients’ details,” said website developer Sunil Mourya according to the source.

Three breaches in one week

Site administrators claim that the compromised data was one-year-old and patients are not yet aware of the breach. They haven’t revealed, however, if they plan to inform customers about the hack, although it goes without saying that they must do this.

What’s worse is that the site has already been breached several times in the past, but company officials said that “there was nothing they could do about it,” admitting that at least three breaches were recorded in one week.
“We stopped uploading files since the website was getting hacked repeatedly. We are moving to a new system,” an official from Health Solutions revealed.
On the other hand, the Indian company says it has already started the investigation and is now collecting information about the hacker. The attack was launched by an Indian hacker, even though he used a Chinese server, so the firm plans to take legal action against him.