Incident Details
An estimated 1.3 million records were found in a publicly accessible database, including 118,441 certificates, 506,663 appointments, 660,173 testing samples, and a small number of internal application files. All the certificates and other documents discovered bore the name and logo of Coronalab.eu. Although the Coronalab website seems to be offline, it is linked to Microbe & Lab, an ISO-certified laboratory located in Amsterdam, Netherlands. As reported by the NL Times, “CoronaLab ranks among the top two largest commercial test providers in the Netherlands.” Multiple responsible disclosure notices were sent and several phone calls were attempted, but no response was received. The database remained open for close to three weeks, until the cloud hosting provider was alerted and access was finally restricted. Typically, organizations respond promptly or block public access after receiving a responsible disclosure notice. Additionally, Cybernews, a research-focused online publication, reported finding a similar leak around the same period as the initial discovery, although any definitive connection remains unconfirmed.
The COVID test data exposed contained details such as each patient’s name, nationality, passport number, test results, test type, location, and cost. Furthermore, the database included numerous QR codes and multiple .csv files that disclosed appointment specifics and email addresses for many patients.
Incident
How Did the Breach Happen?
The unauthorized access was possible because the database was left unprotected, with no password security. It held around 1.3 million entries of COVID-19 testing details along with personally identifiable data such as the individual's name, birth date, and passport number.
What Data has been Compromised?
The exposed COVID test database contained each patient's name, nationality, passport number, and test outcome, along with details such as the cost, venue, and type of test carried out. Additionally, the database included numerous QR codes and multiple .csv files that disclosed appointment specifics and the email addresses of many patients.
Why Did the Company's Security Measures Fail?
The company's failure to protect the database with a password resulted in the breach, which led to unauthorized individuals gaining access to confidential patient data.
What Immediate Impact Did the Breach Have on the Company?
The breach led to a decline in confidence in the company and in its standing, and opened up the possibility of legal and financial repercussions.
How Could This Have Been Prevented?
Implementing appropriate security measures like password protection, encryption of confidential information, conducting routine security checks, and promptly addressing responsible disclosure notifications could have averted this breach.
What Have We Learned from This Data Breach?
This recent data breach underscores the significance of safeguarding sensitive personal data, particularly in the healthcare sector. It also stresses the importance of promptly addressing responsible disclosure alerts and taking proactive steps to avert security breaches.
Summary of Coverage
1.3 million patient records from a COVID testing service were found to be accessible online because the database lacked password protection. The compromised data contained personal details like names, passport numbers, and test outcomes. This incident could have been avoided through the implementation of adequate security protocols and prompt action upon receiving responsible disclosure alerts. It underscores the significance of safeguarding data and the risks of neglecting to secure confidential information.