ADVERTISEMENT

Leaked COVID tests expose sensitive patient data

The COVID-19 testing platform, Coronalab.eu, has exposed a database containing 11.8 million patient records, including COVID-19 certificates, test records, passport numbers, and other sensitive details.

Coronalab.eu data leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jan 16, 2024 Updated: 16 January 2024 2 min read

What sensitive data was exposed?

  • Patients’ names
  • Nationality
  • Dates of birth
  • Passport numbers
  • Covid test results
  • Email addresses
  • Phone numbers
  • Destination country if the test was taken for traveling reasons
ADVERTISEMENT
Coronalab.eu data sample.
Sample of the leaked data. Image by Cybernews.

Risks involved

  • Change the access controls to restrict public access and secure the bucket. Update permissions to ensure that only authorized users or services have the necessary access.
  • Conduct a thorough audit of the access controls for the bucket. Review IAM (Identity and Access Management) policies and permissions assigned to users and service accounts. Make sure that the principle of least privilege is followed.
  • Monitor retrospectively access logs to assess whether the bucket has been accessed by unauthorized actors.
  • Consider encrypting both data in transit and data at rest. Features like server-side encryption offered by Google Cloud Storage can improve the security of the data that is stored.
  • Consider implementing security best practices, including regular audits, automated security checks, and employee training.
ADVERTISEMENT