cognitive cybersecurity intelligence

News and Analysis


Online Exposure of 1.3 Million Patient Records

Imagine going down the internet rabbit hole one day when you suddenly stumble across a massive digital treasure trove, chock full o’ data! But before you start having visions of finding the digital equivalent of the Lost City of Atlantis, let me tell you, old chum, this isn’t that kind of treasure. You see, what my mate Jeremiah Fowler, the cybersecurity whizz, found was a whopping 1.3 million records just lying there for all to see. And not just any data mind you, but sensitive COVID-19 test information and personal details – names, birth dates, even passport numbers! Makes your skin crawl a bit, doesn’t it?

Just picture it, in those records were about 118,441 certificates, 506,663 appointments, and an astounding 660,173 test samples. Now, who would leave such critical information lying about, I hear you ask? Well, all the paperwork was stamped with the name and logo of, belonging to none other than a certified lab from Amsterdam, the Microbe & Lab.

Apparently, Coronalab is a bigwig, one of the two heaviest hitters in commercial testing in the Netherlands. The mind boggles, doesn’t it? Loose lips sink ships, as we say, and loose data can do much the same if you’re not careful.

Our boy Jeremiah was a right gent, mind you. He didn’t just swipe the data and run for the hills. Oh no, he rang ’em up, sent several notices, but didn’t get a peep in return. And this sensitive data? Still open to anyone who fancied a gander for nearly three weeks! It only got locked up when Jeremiah brought in the grand cloud hosting provider. Bit slack on their side, if you ask me.

The odd thing is, this doesn’t just happen once in a blue moon. Another bunch, Cybernews, seem to have spotted a similar leak around the same time. Speaks volumes about the state of our data protection, doesn’t it? Just imagine the cheek of it – your name, nationality, passport number, plus the test results- all exposed. And it doesn’t stop at that! There were these little snippets of information like the price of your test, where it got done, and what kind of test it was.

And the cherry on top? Along with thousands of QR codes, the database also had loads of .csv files with additional details like appointment slots and email addresses. Bit like your digital laundry aired out for all to see, isn’t it?

So, there it is my friends! Be mindful of where you’re dropping your details because you never know who’s watching or what they might do with what they find out about you. It’s a digital world after all – good for convenience but ripe for mishaps too. Stay safe and keep that info close to your chest!

by Parker Bytes

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts