A pathology laboratory in Thane, Mumbai, India leaked the private information of more than 43,000 patients online, according to ETtech.com.
The 43,203 records, which were easily found via a Google search, contained patient names, ages and test information. BuzzFeed News reported some patients in the leak are as young as 17, while others are HIV positive.
Cybersecurity expert Troy Hunt was one of the first to point out the leak on his blog. Mr. Hunt told BuzzFeed News the records were online in a folder with directory listing enabled. "What this meant was that there was literally a folder describing all the 43,000-plus files," he said. "This also means we have no idea how many people have seen the files — they could have been viewed within cache."
Mr. Hunt repeatedly attempted to contact the lab, Health Solutions Pathology Private Ltd., but to no avail. BuzzFeed News was able to get in touch with Rodrigues Kustas, an administrator at Health Solutions, who said the lab's website had been "hacked."
"The multiple attempts to breach our site had forced us to migrate to a stronger system," a Health Solutions executive told ETtech.com. "Since our staff was being trained to use the new system, we thought we will [sic] complete our processes by January."
On Dec. 2, BuzzFeed News published an article on the leak. Within hours, the folder containing the patient records became inaccessible.
"We have taken necessary action by deleting all records from the website and it has been shut down temporarily to ensure that none of the private information of any of our patients goes into public domain," Health Solutions Director Amit Sharma told ETtech.com.