An Indian health department accidentally exposed 12.5 million pregnant women’s confidential medical records on a website it manages, ZDNet reports. The records were left open for anybody to access without a password, and it took more than three weeks for the Department of Medical, Health and Family Welfare to remove the sensitive data from the still-public database.
The records temporarily made public included information pregnant women filled out on their medical forms while going to gynecologists for procedures such as amniocentesis, sonography and genetic testing. They included patients’ medical history, name, address, telephone number, status of pregnancy, previous test results, and more, according to ZDNet.
The data breach was found by Bob Diachenko, a researcher with cybersecurity firm Security Discovery, who released the news of the privacy violation after the government managed to secure the data. On the firm’s website, Diachenko reports alerting the Indian Computer Emergency Response Team (CERT), the arm of the Ministry of Electronics and Information Technology that deals with cybersecurity breaches, so it could secure the records immediately.
The patient records also included data collected under the Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act, a law the Indian government passed in 1994 to curb the practice of sex determination, eradicate female feticide and equalize the sex ratio in India. The data included information about centers with ultrasound machines that could be used to engage in sex determination, and reports of doctors who entertained the illegal practice, ZDNet reports.
The main issue with the breach is the exposure of millions of women’s confidential medical information, mostly related to pregnancy complications and abortions, for which they could be stigmatized. Open records of their addresses and telephone numbers could also render them susceptible to stalking, harassment and assault.
While the consequences of this data breach cannot be quantified yet, the government’s slow response left the information easily accessible for almost a month, which in turn exacerbated the vulnerability of these unsuspecting women. It is unclear whether the affected women have been notified that their personal data has been made public.
Such negligence has no place in a society that is already struggling with issues surrounding data privacy, and Big Tech’s nonchalance about protecting users’ information. From a Chinese database that exposed information of 1.8 million women, with a column determining if they’re ‘Breedready’, to a period tracking app called Flo that shared users’ data with Facebook, we are reckoning with unethical corporations and their enterprising trading of private data. We could do without careless government organizations making it worse.