Government Fixes eHospital Security Flaw Exposing Data of Millions of Patients

The government has fixed a server-side issue within its cloud-based hospital management information system called eHospital that was exposing personally-identifiable data including full name, age, date of birth, gender, and phone number of a large number of patients. The exposed data also included patients’ medical history and their last visited hospital details, according to a researcher who informed about the issue to Gadgets 360. The eHospital portal is meant for digitising records of government hospitals and register medical facilities as well as doctors on a single platform.

Ukraine-based independent security researcher Bob Diachenko discovered the data exposed from the eHospital portal due to a misconfigured Elasticsearch cluster. He informed Gadgets 360 that due to the misconfiguration, the portal was allowing anyone on the Internet to access personal data of millions of registered patients.

Immediately after understanding the issue, Gadgets 360 reached out to the National Informatics Centre (NIC) — the developer behind the eHospital portal. The NIC team resolved the issue shortly after it was reported, and confirmed to Gadgets 360.

Due to the misconfigured cluster, a bad actor could have been able to steal patient details stored on the portal.

“At times, DevOps forget to close the permissions, opened for live data access for fixing the problem. It sometimes leads to temporary data leak and is identified by ethical hackers and cybersecurity researchers. They inform concerned organisations to plug the issues. In this case, the issue of access to data was immediately closed as soon as it was reported by cybersecurity researcher. We are thankful to them for timely reporting of the issue and confirming its closure as well,” an NIC official told Gadgets 360.

According to the statistics available on the eHospital dashboard, the portal has so far registered over 4.83 million patients across India and ​​processed over 2.48 billion transactions. There are also over 631 hospitals on board, which include both state and central government hospitals.

The government launched eHospital in 2015 as one of its initiatives to digitise governance in the country.

In November last year, the Union Health Ministry started digital registrations of all medical facilities and doctors under the Ayushman Bharat Digital Mission. The government made eHospital by NIC as well as e-Sushrut by Centre for Development of Advanced Computing (C-DAC) as the two solutions to digitise health records for hospitals, according to news reports.

Back in 2017, some security flaws within the eHospital Online Registration app had allegedly allowed a Bengaluru-based software engineer to access Aadhaar numbers and personal details of citizens. Cybersecurity experts at the time highlighted that the app was not encrypting its communication with NIC’s servers. The NIC, as a result, had pulled the app altogether.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

BGMI Basic Dynamo Voice Pack Announced, Krafton Bans Over 50,000 Cheaters

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.