Hyderabad: A security flaw in the database of Apollo Hospitals that could have revealed the data of one million patients was fixed after cyber security researchers pointed out the flaw on Twitter.
Shashank, an Indian security consultant, discovered the vulnerability and, with the help of French security researcher Robert Baptiste, alerted the hospital authorities.
Shashank discovered the issue while he was booking a dental appointment with Apollo Hospitals on the digital platform ‘Ask Apollo’. He was able to notify the hospital authorities with the aid of Baptiste, who has been on a spree of exposing vulnerabilities in various institutional websites.
“There was a flaw in the auto-fill request form. I could see other patients’ IPA form which had sensitive information like name, address, date-of-birth, phone number, email etc. I had a 7-digit sequential ID. So, around 1 million user details of users could possibly get leaked if in the wrong hands,” said Shashank.
“I am glad Apollo rectified the vulnerability in their system. But I wish they had a responsible disclosure program like many other organisations through which anyone can help them patch security issues in an ethical manner,” said Shashank in his blog post....